cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject git commit: Adding more JWE utilities
Date Thu, 06 Nov 2014 17:08:16 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes a7f600ce9 -> fac009ab8


Adding more JWE utilities


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/fac009ab
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/fac009ab
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/fac009ab

Branch: refs/heads/3.0.x-fixes
Commit: fac009ab89c41857f76bb456911ea3046eb84f45
Parents: a7f600c
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Thu Nov 6 17:06:10 2014 +0000
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Thu Nov 6 17:07:32 2014 +0000

----------------------------------------------------------------------
 .../cxf/rs/security/jose/jwa/Algorithm.java     |  11 +-
 .../security/jose/jwe/JweCompactConsumer.java   |   3 +-
 .../cxf/rs/security/jose/jwe/JweUtils.java      | 230 ++++++++++++++-----
 .../cxf/rs/security/jose/jwk/JwkUtils.java      | 113 ++++-----
 .../oauth2/client/OAuthClientUtils.java         |  11 +
 5 files changed, 250 insertions(+), 118 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/fac009ab/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/Algorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/Algorithm.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/Algorithm.java
index 5b15866..d816d5a 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/Algorithm.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/Algorithm.java
@@ -213,6 +213,9 @@ public enum Algorithm {
         }
         return javaName;
     }
+    public static boolean isRsa(String algo) {
+        return isRsaOaep(algo) || isRsaShaSign(algo);
+    }
     public static boolean isRsaOaep(String algo) {
         return RSA_OAEP_CEK_SET.contains(algo);
     }
@@ -231,7 +234,13 @@ public enum Algorithm {
     public static boolean isHmacSign(String algo) {
         return HMAC_SIGN_SET.contains(algo); 
     }
-    
+    public static boolean isOctet(String algo) {
+        return isHmacSign(algo)
+            || isAesCbcHmac(algo)
+            || isAesGcm(algo)
+            || isAesGcmKeyWrap(algo)
+            || isAesKeyWrap(algo); 
+    } 
     public static boolean isRsaShaSign(String algo) {
         return RSA_SHA_SIGN_SET.contains(algo); 
     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/fac009ab/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactConsumer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactConsumer.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactConsumer.java
index ab4c9b5..5862072 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactConsumer.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactConsumer.java
@@ -26,7 +26,6 @@ import org.apache.cxf.common.util.Base64UrlUtility;
 import org.apache.cxf.rs.security.jose.JoseHeaders;
 import org.apache.cxf.rs.security.jose.JoseHeadersReader;
 import org.apache.cxf.rs.security.jose.JoseHeadersReaderWriter;
-import org.apache.cxf.rs.security.jose.jws.JwsUtils;
 
 
 public class JweCompactConsumer {
@@ -115,6 +114,6 @@ public class JweCompactConsumer {
         }
     }
     public boolean validateCriticalHeaders() {
-        return JwsUtils.validateCriticalHeaders(getJweHeaders());
+        return JweUtils.validateCriticalHeaders(getJweHeaders());
     }
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/fac009ab/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
index 836a284..6dc2466 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
@@ -40,9 +40,29 @@ public final class JweUtils {
     private JweUtils() {
         
     }
-    public static boolean validatecriticalheaders(JoseHeaders headers) {
-        //TODO: Validate JWE specific constraints
-        return JoseUtils.validateCriticalHeaders(headers);
+    public String encrypt(RSAPublicKey key, String keyAlgo, String contentAlgo, byte[] content)
{
+        KeyEncryptionAlgorithm keyEncryptionProvider = getRSAKeyEncryptionAlgorithm(key,
keyAlgo);
+        return encrypt(keyEncryptionProvider, contentAlgo, content);
+    }
+    public String encrypt(SecretKey key, String keyAlgo, String contentAlgo, byte[] content)
{
+        KeyEncryptionAlgorithm keyEncryptionProvider = getSecretKeyEncryptionAlgorithm(key,
keyAlgo);
+        return encrypt(keyEncryptionProvider, contentAlgo, content);
+    }
+    public String encryptDirect(SecretKey key, String contentAlgo, byte[] content) {
+        JweEncryptionProvider jwe = getDirectKeyJweEncryption(key, contentAlgo);
+        return jwe.encrypt(content, null);
+    }
+    public byte[] decrypt(RSAPrivateKey key, String keyAlgo, String contentAlgo, String content)
{
+        KeyDecryptionAlgorithm keyDecryptionProvider = getRSAKeyDecryptionAlgorithm(key,
keyAlgo);
+        return decrypt(keyDecryptionProvider, contentAlgo, content);
+    }
+    public byte[] decrypt(SecretKey key, String keyAlgo, String contentAlgo, String content)
{
+        KeyDecryptionAlgorithm keyDecryptionProvider = getSecretKeyDecryptionAlgorithm(key,
keyAlgo);
+        return decrypt(keyDecryptionProvider, contentAlgo, content);
+    }
+    public byte[] decryptDirect(SecretKey key, String contentAlgo, String content) {
+        JweDecryptionProvider jwe = getDirectKeyJweDecryption(key, contentAlgo);
+        return jwe.decrypt(content).getContent();
     }
     public static KeyEncryptionAlgorithm getKeyEncryptionAlgorithm(JsonWebKey jwk) {
         return getKeyEncryptionAlgorithm(jwk, null);
@@ -51,20 +71,27 @@ public final class JweUtils {
         String keyEncryptionAlgo = jwk.getAlgorithm() == null ? defaultAlgorithm : jwk.getAlgorithm();
         KeyEncryptionAlgorithm keyEncryptionProvider = null;
         if (JsonWebKey.KEY_TYPE_RSA.equals(jwk.getKeyType())) {
-            keyEncryptionProvider = new RSAOaepKeyEncryptionAlgorithm(JwkUtils.toRSAPublicKey(jwk),

-                                                                      keyEncryptionAlgo);
+            keyEncryptionProvider = getRSAKeyEncryptionAlgorithm(JwkUtils.toRSAPublicKey(jwk),

+                                                                 keyEncryptionAlgo);
         } else if (JsonWebKey.KEY_TYPE_OCTET.equals(jwk.getKeyType())) {
-            SecretKey key = JwkUtils.toSecretKey(jwk);
-            if (Algorithm.isAesKeyWrap(keyEncryptionAlgo)) {
-                keyEncryptionProvider = new AesWrapKeyEncryptionAlgorithm(key, keyEncryptionAlgo);
-            } else if (Algorithm.isAesGcmKeyWrap(keyEncryptionAlgo)) {
-                keyEncryptionProvider = new AesGcmWrapKeyEncryptionAlgorithm(key, keyEncryptionAlgo);
-            }
+            keyEncryptionProvider = getSecretKeyEncryptionAlgorithm(JwkUtils.toSecretKey(jwk),

+                                                                    keyEncryptionAlgo);
         } else {
             // TODO: support elliptic curve keys
         }
         return keyEncryptionProvider;
     }
+    public static KeyEncryptionAlgorithm getRSAKeyEncryptionAlgorithm(RSAPublicKey key, String
algo) {
+        return new RSAOaepKeyEncryptionAlgorithm(key, algo);
+    }
+    public static KeyEncryptionAlgorithm getSecretKeyEncryptionAlgorithm(SecretKey key, String
algo) {
+        if (Algorithm.isAesKeyWrap(algo)) {
+            return new AesWrapKeyEncryptionAlgorithm(key, algo);
+        } else if (Algorithm.isAesGcmKeyWrap(algo)) {
+            return new AesGcmWrapKeyEncryptionAlgorithm(key, algo);
+        }
+        return null;
+    }
     public static KeyDecryptionAlgorithm getKeyDecryptionAlgorithm(JsonWebKey jwk) {
         return getKeyDecryptionAlgorithm(jwk, null);
     }
@@ -72,20 +99,27 @@ public final class JweUtils {
         String keyEncryptionAlgo = jwk.getAlgorithm() == null ? defaultAlgorithm : jwk.getAlgorithm();
         KeyDecryptionAlgorithm keyDecryptionProvider = null;
         if (JsonWebKey.KEY_TYPE_RSA.equals(jwk.getKeyType())) {
-            keyDecryptionProvider = new RSAOaepKeyDecryptionAlgorithm(JwkUtils.toRSAPrivateKey(jwk),

-                                                                      keyEncryptionAlgo);
+            keyDecryptionProvider = getRSAKeyDecryptionAlgorithm(JwkUtils.toRSAPrivateKey(jwk),

+                                                                 keyEncryptionAlgo);
         } else if (JsonWebKey.KEY_TYPE_OCTET.equals(jwk.getKeyType())) {
-            SecretKey key = JwkUtils.toSecretKey(jwk);
-            if (Algorithm.isAesKeyWrap(jwk.getAlgorithm())) {
-                keyDecryptionProvider = new AesWrapKeyDecryptionAlgorithm(key, keyEncryptionAlgo);
-            } else if (Algorithm.isAesGcmKeyWrap(jwk.getAlgorithm())) {
-                keyDecryptionProvider = new AesGcmWrapKeyDecryptionAlgorithm(key, keyEncryptionAlgo);
-            } 
+            keyDecryptionProvider = getSecretKeyDecryptionAlgorithm(JwkUtils.toSecretKey(jwk),
+                                            keyEncryptionAlgo);
         } else {
             // TODO: support elliptic curve keys
         }
         return keyDecryptionProvider;
     }
+    public static KeyDecryptionAlgorithm getRSAKeyDecryptionAlgorithm(RSAPrivateKey key,
String algo) {
+        return new RSAOaepKeyDecryptionAlgorithm(key, algo);
+    }
+    public static KeyDecryptionAlgorithm getSecretKeyDecryptionAlgorithm(SecretKey key, String
algo) {
+        if (Algorithm.isAesKeyWrap(algo)) {
+            return new AesWrapKeyDecryptionAlgorithm(key, algo);
+        } else if (Algorithm.isAesGcmKeyWrap(algo)) {
+            return new AesGcmWrapKeyDecryptionAlgorithm(key, algo);
+        }
+        return null;
+    }
     public static ContentEncryptionAlgorithm getContentEncryptionAlgorithm(JsonWebKey jwk)
{
         return getContentEncryptionAlgorithm(jwk, null);
     }
@@ -93,13 +127,29 @@ public final class JweUtils {
         String ctEncryptionAlgo = jwk.getAlgorithm() == null ? defaultAlgorithm : jwk.getAlgorithm();
         ContentEncryptionAlgorithm contentEncryptionProvider = null;
         if (JsonWebKey.KEY_TYPE_OCTET.equals(jwk.getKeyType())) {
-            SecretKey key = JwkUtils.toSecretKey(jwk);
-            if (Algorithm.isAesGcm(ctEncryptionAlgo)) {
-                contentEncryptionProvider = new AesGcmContentEncryptionAlgorithm(key, null,
ctEncryptionAlgo);
-            }
+            return getContentEncryptionAlgorithm(JwkUtils.toSecretKey(jwk),
+                                                 ctEncryptionAlgo);
         }
         return contentEncryptionProvider;
     }
+    public static ContentEncryptionAlgorithm getContentEncryptionAlgorithm(SecretKey key,
String algorithm) {
+        if (Algorithm.isAesGcm(algorithm)) {
+            return new AesGcmContentEncryptionAlgorithm(key, null, algorithm);
+        }
+        return null;
+    }
+    public static ContentEncryptionAlgorithm getContentEncryptionAlgorithm(String algorithm)
{
+        if (Algorithm.isAesGcm(algorithm)) {
+            return new AesGcmContentEncryptionAlgorithm(algorithm);
+        }
+        return null;
+    }
+    public static ContentDecryptionAlgorithm getContentDecryptionAlgorithm(String algorithm)
{
+        if (Algorithm.isAesGcm(algorithm)) {
+            return new AesGcmContentDecryptionAlgorithm(algorithm);
+        }
+        return null;
+    }
     public static SecretKey getContentDecryptionSecretKey(JsonWebKey jwk) {
         return getContentDecryptionSecretKey(jwk, null);
     }
@@ -110,6 +160,12 @@ public final class JweUtils {
         }
         return null;
     }
+    public static JweEncryptionProvider getDirectKeyJweEncryption(SecretKey key, String algorithm)
{
+        return new DirectKeyJweEncryption(getContentEncryptionAlgorithm(key, algorithm));
+    }
+    public static JweDecryptionProvider getDirectKeyJweDecryption(SecretKey key, String algorithm)
{
+        return new DirectKeyJweDecryption(key, getContentDecryptionAlgorithm(algorithm));
+    }
     public static JweEncryptionProvider loadEncryptionProvider(String propLoc, Message m)
{
         KeyEncryptionAlgorithm keyEncryptionProvider = null;
         String keyEncryptionAlgo = null;
@@ -127,38 +183,20 @@ public final class JweUtils {
             keyEncryptionAlgo = getKeyEncryptionAlgo(props, jwk.getAlgorithm());
             if ("direct".equals(keyEncryptionAlgo)) {
                 contentEncryptionAlgo = getContentEncryptionAlgo(props, jwk.getAlgorithm());
-                ctEncryptionProvider = JweUtils.getContentEncryptionAlgorithm(jwk, contentEncryptionAlgo);
+                ctEncryptionProvider = getContentEncryptionAlgorithm(jwk, contentEncryptionAlgo);
             } else {
-                keyEncryptionProvider = JweUtils.getKeyEncryptionAlgorithm(jwk, keyEncryptionAlgo);
+                keyEncryptionProvider = getKeyEncryptionAlgorithm(jwk, keyEncryptionAlgo);
             }
             
         } else {
-            keyEncryptionProvider = new RSAOaepKeyEncryptionAlgorithm(
+            keyEncryptionProvider = getRSAKeyEncryptionAlgorithm(
                 (RSAPublicKey)KeyManagementUtils.loadPublicKey(m, props), 
                 getKeyEncryptionAlgo(props, keyEncryptionAlgo));
         }
-        if (keyEncryptionProvider == null && ctEncryptionProvider == null) {
-            throw new SecurityException();
-        }
-        
-        
-        JweHeaders headers = new JweHeaders(getKeyEncryptionAlgo(props, keyEncryptionAlgo),

-                                            contentEncryptionAlgo);
-        String compression = props.getProperty(JSON_WEB_ENCRYPTION_ZIP_ALGO_PROP);
-        if (compression != null) {
-            headers.setZipAlgorithm(compression);
-        }
-        if (keyEncryptionProvider != null) {
-            if (Algorithm.isAesCbcHmac(contentEncryptionAlgo)) { 
-                return new AesCbcHmacJweEncryption(contentEncryptionAlgo, keyEncryptionProvider);
-            } else {
-                return new WrappedKeyJweEncryption(headers, 
-                                                   keyEncryptionProvider,
-                                                   new AesGcmContentEncryptionAlgorithm(contentEncryptionAlgo));
-            }
-        } else {
-            return new DirectKeyJweEncryption(ctEncryptionProvider);
-        }
+        return createJweEncryptionProvider(keyEncryptionProvider, 
+                                    ctEncryptionProvider, 
+                                    contentEncryptionAlgo,
+                                    props.getProperty(JSON_WEB_ENCRYPTION_ZIP_ALGO_PROP));
     }
     public static JweDecryptionProvider loadDecryptionProvider(String propLoc, Message m)
{
         KeyDecryptionAlgorithm keyDecryptionProvider = null;
@@ -170,33 +208,95 @@ public final class JweUtils {
         }    
         String contentEncryptionAlgo = props.getProperty(JSON_WEB_ENCRYPTION_CEK_ALGO_PROP);
         SecretKey ctDecryptionKey = null;
+        String keyEncryptionAlgo = getKeyEncryptionAlgo(props, null);
         if (JwkUtils.JWK_KEY_STORE_TYPE.equals(props.get(KeyManagementUtils.RSSEC_KEY_STORE_TYPE)))
{
             JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, JsonWebKey.KEY_OPER_ENCRYPT);
-            String keyEncryptionAlgo = getKeyEncryptionAlgo(props, jwk.getAlgorithm());
+            keyEncryptionAlgo = getKeyEncryptionAlgo(props, jwk.getAlgorithm());
             if ("direct".equals(keyEncryptionAlgo)) {
                 contentEncryptionAlgo = getContentEncryptionAlgo(props, contentEncryptionAlgo);
-                ctDecryptionKey = JweUtils.getContentDecryptionSecretKey(jwk, contentEncryptionAlgo);
+                ctDecryptionKey = getContentDecryptionSecretKey(jwk, contentEncryptionAlgo);
             } else {
-                keyDecryptionProvider = JweUtils.getKeyDecryptionAlgorithm(jwk, keyEncryptionAlgo);
+                keyDecryptionProvider = getKeyDecryptionAlgorithm(jwk, keyEncryptionAlgo);
             }
         } else {
-            keyDecryptionProvider = new RSAOaepKeyDecryptionAlgorithm(
+            keyDecryptionProvider = getRSAKeyDecryptionAlgorithm(
                 (RSAPrivateKey)KeyManagementUtils.loadPrivateKey(
-                    m, props, KeyManagementUtils.RSSEC_DECRYPT_KEY_PSWD_PROVIDER));
+                    m, props, KeyManagementUtils.RSSEC_DECRYPT_KEY_PSWD_PROVIDER), keyEncryptionAlgo);
+        }
+        return createJweDecryptionProvider(keyDecryptionProvider, ctDecryptionKey, contentEncryptionAlgo);
+    }
+    public static JweEncryptionProvider createJweEncryptionProvider(KeyEncryptionAlgorithm
keyEncryptionProvider,
+                                                                    String contentEncryptionAlgo,
+                                                                    String compression) {
+        JweHeaders headers = 
+            prepareJweHeaders(keyEncryptionProvider != null ? keyEncryptionProvider.getAlgorithm()
: null,
+                contentEncryptionAlgo, compression);
+        return createJweEncryptionProvider(keyEncryptionProvider, headers);
+    }
+    public static JweEncryptionProvider createJweEncryptionProvider(KeyEncryptionAlgorithm
keyEncryptionProvider,
+                                                                    JweHeaders headers) {
+        String contentEncryptionAlgo = headers.getContentEncryptionAlgorithm();
+        if (Algorithm.isAesCbcHmac(contentEncryptionAlgo)) { 
+            return new AesCbcHmacJweEncryption(headers, keyEncryptionProvider);
+        } else {
+            return new WrappedKeyJweEncryption(headers, 
+                                               keyEncryptionProvider,
+                                               getContentEncryptionAlgorithm(contentEncryptionAlgo));
+        }
+    }
+    public static JweDecryptionProvider createJweDecryptionProvider(KeyDecryptionAlgorithm
keyDecryptionProvider,
+                                                                    String contentDecryptionAlgo)
{
+        if (Algorithm.isAesCbcHmac(contentDecryptionAlgo)) { 
+            return new AesCbcHmacJweDecryption(keyDecryptionProvider, contentDecryptionAlgo);
+        } else {
+            return new WrappedKeyJweDecryption(keyDecryptionProvider, 
+                                               getContentDecryptionAlgorithm(contentDecryptionAlgo));
+        }
+    }
+    
+    public static boolean validateCriticalHeaders(JoseHeaders headers) {
+        //TODO: Validate JWE specific constraints
+        return JoseUtils.validateCriticalHeaders(headers);
+    }
+    private static JweHeaders prepareJweHeaders(String keyEncryptionAlgo,
+                                                String contentEncryptionAlgo,
+                                                String compression) {
+        JweHeaders headers = new JweHeaders();
+        if (keyEncryptionAlgo != null) {
+            headers.setAlgorithm(keyEncryptionAlgo);
+            headers.setContentEncryptionAlgorithm(contentEncryptionAlgo);
+            if (compression != null) {
+                headers.setZipAlgorithm(compression);
+            }
+        }
+        return headers;
+    }
+    private static JweEncryptionProvider createJweEncryptionProvider(KeyEncryptionAlgorithm
keyEncryptionProvider,
+                                                                     ContentEncryptionAlgorithm
ctEncryptionProvider,
+                                                                     String contentEncryptionAlgo,
+                                                                     String compression)
{
+        if (keyEncryptionProvider == null && ctEncryptionProvider == null) {
+            throw new SecurityException();
         }
+        JweHeaders headers = 
+            prepareJweHeaders(keyEncryptionProvider != null ? keyEncryptionProvider.getAlgorithm()
: null,
+                contentEncryptionAlgo, compression);
+        if (keyEncryptionProvider != null) {
+            return createJweEncryptionProvider(keyEncryptionProvider, headers);
+        } else {
+            return new DirectKeyJweEncryption(headers, ctEncryptionProvider);
+        }
+    }
+    private static JweDecryptionProvider createJweDecryptionProvider(KeyDecryptionAlgorithm
keyDecryptionProvider,
+                                                                    SecretKey ctDecryptionKey,
+                                                                    String contentDecryptionAlgo)
{
         if (keyDecryptionProvider == null && ctDecryptionKey == null) {
             throw new SecurityException();
         }
         if (keyDecryptionProvider != null) {
-            if (Algorithm.isAesCbcHmac(contentEncryptionAlgo)) { 
-                return new AesCbcHmacJweDecryption(keyDecryptionProvider, contentEncryptionAlgo);
-            } else {
-                return new WrappedKeyJweDecryption(keyDecryptionProvider, 
-                                                   new AesGcmContentDecryptionAlgorithm(contentEncryptionAlgo));
-            }
+            return createJweDecryptionProvider(keyDecryptionProvider, contentDecryptionAlgo);
         } else {
-            return new DirectKeyJweDecryption(ctDecryptionKey, 
-                                              new AesGcmContentDecryptionAlgorithm(contentEncryptionAlgo));
+            return getDirectKeyJweDecryption(ctDecryptionKey, contentDecryptionAlgo);
         }
     }
     private static String getKeyEncryptionAlgo(Properties props, String algo) {
@@ -205,4 +305,12 @@ public final class JweUtils {
     private static String getContentEncryptionAlgo(Properties props, String algo) {
         return algo == null ? props.getProperty(JSON_WEB_ENCRYPTION_CEK_ALGO_PROP) : algo;
     }
+    private static String encrypt(KeyEncryptionAlgorithm keyEncryptionProvider, String contentAlgo,
byte[] content) {
+        JweEncryptionProvider jwe = createJweEncryptionProvider(keyEncryptionProvider, contentAlgo,
null);
+        return jwe.encrypt(content, null);
+    }
+    private static byte[] decrypt(KeyDecryptionAlgorithm keyDecryptionProvider, String contentAlgo,
String content) {
+        JweDecryptionProvider jwe = createJweDecryptionProvider(keyDecryptionProvider, contentAlgo);
+        return jwe.decrypt(content).getContent();
+    }
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/fac009ab/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
index 6e4d4b2..3ebbbc6 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
@@ -90,7 +90,7 @@ public final class JwkUtils {
         return encryptJwkSet(jwkSet, createDefaultEncryption(password), writer);
     }
     public static String encryptJwkSet(JsonWebKeys jwkSet, JweEncryptionProvider jwe, JwkReaderWriter
writer) {
-        return jwe.encrypt(stringToBytes(writer.jwkSetToJson(jwkSet)), "jwk-set+json");
+        return jwe.encrypt(StringUtils.toBytesUTF8(writer.jwkSetToJson(jwkSet)), "jwk-set+json");
     }
     public static JsonWebKeys decryptJwkSet(String jsonJwkSet, char[] password) {
         return decryptJwkSet(jsonJwkSet, password, new DefaultJwkReaderWriter());
@@ -119,7 +119,7 @@ public final class JwkUtils {
         return encryptJwkKey(jwkKey, createDefaultEncryption(password), writer);
     }
     public static String encryptJwkKey(JsonWebKey jwkKey, JweEncryptionProvider jwe, JwkReaderWriter
writer) {
-        return jwe.encrypt(stringToBytes(writer.jwkToJson(jwkKey)), "jwk+json");
+        return jwe.encrypt(StringUtils.toBytesUTF8(writer.jwkToJson(jwkKey)), "jwk+json");
     }
     public static JsonWebKey decryptJwkKey(String jsonJwkKey, char[] password) {
         return decryptJwkKey(jsonJwkKey, password, new DefaultJwkReaderWriter());
@@ -141,15 +141,6 @@ public final class JwkUtils {
         throws IOException {
         return reader.jsonToJwk(jwe.decrypt(IOUtils.readStringFromStream(is)).getContentText());
     }
-    private static JweEncryptionProvider createDefaultEncryption(char[] password) {
-        KeyEncryptionAlgorithm keyEncryption = 
-            new PbesHmacAesWrapKeyEncryptionAlgorithm(password, Algorithm.PBES2_HS256_A128KW.getJwtName());
-        return new AesCbcHmacJweEncryption(Algorithm.A128CBC_HS256.getJwtName(), keyEncryption);
-    }
-    private static JweDecryptionProvider createDefaultDecryption(char[] password) {
-        KeyDecryptionAlgorithm keyDecryption = new PbesHmacAesWrapKeyDecryptionAlgorithm(password);
-        return new AesCbcHmacJweDecryption(keyDecryption);
-    }
     public static JsonWebKeys loadJwkSet(Message m, Properties props, PrivateKeyPasswordProvider
cb) {
         return loadJwkSet(m, props, cb, new DefaultJwkReaderWriter());
     }
@@ -246,42 +237,13 @@ public final class JwkUtils {
         }
         return null;
     }
-    private static String getKeyId(Properties props, String propertyName, String keyOper)
{
-        String kid = props.getProperty(propertyName);
-        if (kid == null && keyOper != null) {
-            String keyIdProp = null;
-            if (keyOper.equals(JsonWebKey.KEY_OPER_ENCRYPT)) {
-                keyIdProp = propertyName + ".jwe";
-            } else if (keyOper.equals(JsonWebKey.KEY_OPER_SIGN)
-                       || keyOper.equals(JsonWebKey.KEY_OPER_VERIFY)) {
-                keyIdProp = propertyName + ".jws";
-            }
-            if (keyIdProp != null) {
-                kid = props.getProperty(keyIdProp);
-            }
-        }
-        return kid;
-    }
-    private static PrivateKeyPasswordProvider loadPasswordProvider(Message m, Properties
props, String keyOper) {
-        PrivateKeyPasswordProvider cb = 
-            (PrivateKeyPasswordProvider)m.getContextualProperty(KeyManagementUtils.RSSEC_KEY_PSWD_PROVIDER);
-        if (cb == null && keyOper != null) {
-            String propName = keyOper.equals(JsonWebKey.KEY_OPER_SIGN) ? KeyManagementUtils.RSSEC_SIG_KEY_PSWD_PROVIDER
-                : keyOper.equals(JsonWebKey.KEY_OPER_ENCRYPT) 
-                ? KeyManagementUtils.RSSEC_DECRYPT_KEY_PSWD_PROVIDER : null;
-            if (propName != null) {
-                cb = (PrivateKeyPasswordProvider)m.getContextualProperty(propName);
-            }
-        }
-        return cb;
-    }
     public static RSAPublicKey toRSAPublicKey(JsonWebKey jwk) {
         String encodedModulus = (String)jwk.getProperty(JsonWebKey.RSA_MODULUS);
         String encodedPublicExponent = (String)jwk.getProperty(JsonWebKey.RSA_PUBLIC_EXP);
         return CryptoUtils.getRSAPublicKey(encodedModulus, encodedPublicExponent);
     }
-    public static JsonWebKey fromRSAPublicKey(RSAPublicKey pk) {
-        JsonWebKey jwk = prepareRSAJwk(pk.getModulus());
+    public static JsonWebKey fromRSAPublicKey(RSAPublicKey pk, String algo) {
+        JsonWebKey jwk = prepareRSAJwk(pk.getModulus(), algo);
         String encodedPublicExponent = Base64UrlUtility.encode(pk.getPublicExponent().toByteArray());
         jwk.setProperty(JsonWebKey.RSA_PUBLIC_EXP, encodedPublicExponent);
         return jwk;
@@ -308,19 +270,12 @@ public final class JwkUtils {
                                                 encodedCrtCoefficient);
         }
     }
-    public static JsonWebKey fromRSAPrivateKey(RSAPrivateKey pk) {
-        JsonWebKey jwk = prepareRSAJwk(pk.getModulus());
+    public static JsonWebKey fromRSAPrivateKey(RSAPrivateKey pk, String algo) {
+        JsonWebKey jwk = prepareRSAJwk(pk.getModulus(), algo);
         String encodedPrivateExponent = Base64UrlUtility.encode(pk.getPrivateExponent().toByteArray());
         jwk.setProperty(JsonWebKey.RSA_PRIVATE_EXP, encodedPrivateExponent);
         return jwk;
     }
-    private static JsonWebKey prepareRSAJwk(BigInteger modulus) {
-        JsonWebKey jwk = new JsonWebKey();
-        jwk.setKeyType(JsonWebKey.KEY_TYPE_RSA);
-        String encodedModulus = Base64UrlUtility.encode(modulus.toByteArray());
-        jwk.setProperty(JsonWebKey.RSA_MODULUS, encodedModulus);
-        return jwk;
-    }
     public static ECPublicKey toECPublicKey(JsonWebKey jwk) {
         String eCurve = (String)jwk.getProperty(JsonWebKey.EC_CURVE);
         String encodedXCoord = (String)jwk.getProperty(JsonWebKey.EC_X_COORDINATE);
@@ -337,15 +292,65 @@ public final class JwkUtils {
         return CryptoUtils.createSecretKeySpec((String)jwk.getProperty(JsonWebKey.OCTET_KEY_VALUE),

                                                Algorithm.toJavaName(jwk.getAlgorithm()));
     }
-    public static JsonWebKey fromSecretKey(SecretKey secretKey) {
+    public static JsonWebKey fromSecretKey(SecretKey secretKey, String algo) {
+        if (!Algorithm.isOctet(algo)) {
+            throw new SecurityException("Invalid algorithm");
+        }
         JsonWebKey jwk = new JsonWebKey();
         jwk.setKeyType(JsonWebKey.KEY_TYPE_OCTET);
+        jwk.setAlgorithm(algo);
         String encodedSecretKey = Base64UrlUtility.encode(secretKey.getEncoded());
         jwk.setProperty(JsonWebKey.OCTET_KEY_VALUE, encodedSecretKey);
         return jwk;
     }
     
-    private static byte[] stringToBytes(String str) {
-        return StringUtils.toBytesUTF8(str);
+    private static String getKeyId(Properties props, String propertyName, String keyOper)
{
+        String kid = props.getProperty(propertyName);
+        if (kid == null && keyOper != null) {
+            String keyIdProp = null;
+            if (keyOper.equals(JsonWebKey.KEY_OPER_ENCRYPT)) {
+                keyIdProp = propertyName + ".jwe";
+            } else if (keyOper.equals(JsonWebKey.KEY_OPER_SIGN)
+                       || keyOper.equals(JsonWebKey.KEY_OPER_VERIFY)) {
+                keyIdProp = propertyName + ".jws";
+            }
+            if (keyIdProp != null) {
+                kid = props.getProperty(keyIdProp);
+            }
+        }
+        return kid;
+    }
+    private static PrivateKeyPasswordProvider loadPasswordProvider(Message m, Properties
props, String keyOper) {
+        PrivateKeyPasswordProvider cb = 
+            (PrivateKeyPasswordProvider)m.getContextualProperty(KeyManagementUtils.RSSEC_KEY_PSWD_PROVIDER);
+        if (cb == null && keyOper != null) {
+            String propName = keyOper.equals(JsonWebKey.KEY_OPER_SIGN) ? KeyManagementUtils.RSSEC_SIG_KEY_PSWD_PROVIDER
+                : keyOper.equals(JsonWebKey.KEY_OPER_ENCRYPT) 
+                ? KeyManagementUtils.RSSEC_DECRYPT_KEY_PSWD_PROVIDER : null;
+            if (propName != null) {
+                cb = (PrivateKeyPasswordProvider)m.getContextualProperty(propName);
+            }
+        }
+        return cb;
+    }
+    private static JweEncryptionProvider createDefaultEncryption(char[] password) {
+        KeyEncryptionAlgorithm keyEncryption = 
+            new PbesHmacAesWrapKeyEncryptionAlgorithm(password, Algorithm.PBES2_HS256_A128KW.getJwtName());
+        return new AesCbcHmacJweEncryption(Algorithm.A128CBC_HS256.getJwtName(), keyEncryption);
+    }
+    private static JweDecryptionProvider createDefaultDecryption(char[] password) {
+        KeyDecryptionAlgorithm keyDecryption = new PbesHmacAesWrapKeyDecryptionAlgorithm(password);
+        return new AesCbcHmacJweDecryption(keyDecryption);
+    }
+    private static JsonWebKey prepareRSAJwk(BigInteger modulus, String algo) {
+        if (!Algorithm.isRsa(algo)) {
+            throw new SecurityException("Invalid algorithm");
+        }
+        JsonWebKey jwk = new JsonWebKey();
+        jwk.setKeyType(JsonWebKey.KEY_TYPE_RSA);
+        jwk.setAlgorithm(algo);
+        String encodedModulus = Base64UrlUtility.encode(modulus.toByteArray());
+        jwk.setProperty(JsonWebKey.RSA_MODULUS, encodedModulus);
+        return jwk;
     }
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/fac009ab/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java
index b63de40..19258ac 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java
@@ -27,6 +27,7 @@ import java.util.Map;
 import javax.ws.rs.ProcessingException;
 import javax.ws.rs.client.ResponseProcessingException;
 import javax.ws.rs.core.Form;
+import javax.ws.rs.core.HttpHeaders;
 import javax.ws.rs.core.Response;
 import javax.ws.rs.core.UriBuilder;
 
@@ -349,6 +350,16 @@ public final class OAuthClientUtils {
         appendTokenData(sb, accessToken, httpProps);  
         return sb.toString();
     }
+    public static void setAuthorizationHeader(WebClient wc, ClientAccessToken accessToken)
{
+        setAuthorizationHeader(wc, accessToken, null);
+    }
+    public static void setAuthorizationHeader(WebClient wc,
+                                              ClientAccessToken accessToken,
+                                              String httpVerb) {
+        wc.replaceHeader(HttpHeaders.AUTHORIZATION, 
+                         createAuthorizationHeader(accessToken, 
+                                                   new HttpRequestProperties(wc, httpVerb)));
+    }
     
     private static void appendTokenData(StringBuilder sb, 
                                         ClientAccessToken token,


Mime
View raw message