Return-Path: X-Original-To: apmail-cxf-commits-archive@www.apache.org Delivered-To: apmail-cxf-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 2ACE5102C1 for ; Mon, 24 Nov 2014 17:39:23 +0000 (UTC) Received: (qmail 37960 invoked by uid 500); 24 Nov 2014 17:39:23 -0000 Delivered-To: apmail-cxf-commits-archive@cxf.apache.org Received: (qmail 37901 invoked by uid 500); 24 Nov 2014 17:39:23 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 37892 invoked by uid 99); 24 Nov 2014 17:39:23 -0000 Received: from tyr.zones.apache.org (HELO tyr.zones.apache.org) (140.211.11.114) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 24 Nov 2014 17:39:23 +0000 Received: by tyr.zones.apache.org (Postfix, from userid 65534) id BD4C3A16D4C; Mon, 24 Nov 2014 17:39:22 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit 
From: sergeyb@apache.org To: commits@cxf.apache.org Message-Id: <89e3a2e6b1054e88b96fa5d1da7a5da8@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: cxf git commit: Making it easier to plugin jose4j/etc into CXF JOSE filters Date: Mon, 24 Nov 2014 17:39:22 +0000 (UTC) Repository: cxf Updated Branches: refs/heads/3.0.x-fixes a2ab2aec8 -> 1e4a285f0 Making it easier to plugin jose4j/etc into CXF JOSE filters Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/1e4a285f Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/1e4a285f Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/1e4a285f Branch: refs/heads/3.0.x-fixes Commit: 1e4a285f03eb40c5b2941012120e65ed698e99c7 Parents: a2ab2ae Author: Sergey Beryozkin Authored: Mon Nov 24 17:38:12 2014 +0000 Committer: Sergey Beryozkin Committed: Mon Nov 24 17:39:04 2014 +0000 ---------------------------------------------------------------------- .../jose/jaxrs/AbstractJweDecryptingFilter.java | 5 ++++ .../jose/jaxrs/AbstractJwsReaderProvider.java | 5 ++++ .../jose/jaxrs/AbstractJwsWriterProvider.java | 5 ++++ .../jose/jaxrs/JweWriterInterceptor.java | 5 ++++ .../jose/jwe/JweEncryptionProvider.java | 3 +++ .../cxf/rs/security/jose/jwe/JweFactory.java | 25 ++++++++++++++++++++ .../jose/jws/AbstractJwsSignatureProvider.java | 6 +++++ .../security/jose/jws/JwsCompactProducer.java | 8 +++---- .../cxf/rs/security/jose/jws/JwsFactory.java | 25 ++++++++++++++++++++ .../rs/security/jose/jws/JwsJsonProducer.java | 6 ++--- .../security/jose/jws/JwsSignatureProvider.java | 4 ++++ .../utils/crypto/JwtAccessTokenUtils.java | 6 +++++ 12 files changed, 95 insertions(+), 8 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/1e4a285f/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJweDecryptingFilter.java 
---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJweDecryptingFilter.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJweDecryptingFilter.java index 83e00e1..f46d523 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJweDecryptingFilter.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJweDecryptingFilter.java @@ -27,6 +27,7 @@ import org.apache.cxf.message.Message; import org.apache.cxf.message.MessageUtils; import org.apache.cxf.rs.security.jose.jwe.JweDecryptionOutput; import org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider; +import org.apache.cxf.rs.security.jose.jwe.JweFactory; import org.apache.cxf.rs.security.jose.jwe.JweHeaders; import org.apache.cxf.rs.security.jose.jwe.JweUtils; @@ -53,6 +54,10 @@ public class AbstractJweDecryptingFilter { return decryption; } Message m = JAXRSUtils.getCurrentMessage(); + Object factory = m.getContextualProperty(JweFactory.class.getName()); + if (factory != null) { + return ((JweFactory)factory).getJweDecryptionProvider(); + } String propLoc = (String)MessageUtils.getContextualProperty(m, RSSEC_ENCRYPTION_IN_PROPS, RSSEC_ENCRYPTION_PROPS); if (propLoc == null) { http://git-wip-us.apache.org/repos/asf/cxf/blob/1e4a285f/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsReaderProvider.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsReaderProvider.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsReaderProvider.java index 6027e60..eb6b300 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsReaderProvider.java 
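Review bot: The factory lookup added to `AbstractJweDecryptingFilter` (hunk `@@ -53,6 +54,10 @@`) casts whatever object is stored under `JweFactory.class.getName()` without a type check and returns the factory's result without a null check, so a mis-typed property surfaces as a `ClassCastException` and a factory that returns null skips the properties-based fallback that follows. Guard the branch with `if (factory instanceof JweFactory)` and return the provider only when it is non-null, or raise an explicit configuration error so the filter never proceeds without a decryption provider. The same pattern is repeated in the `AbstractJwsReaderProvider`, `AbstractJwsWriterProvider` and `JweWriterInterceptor` hunks; in the reader it is the signature verifier that could come back null, and how the caller treats a null verifier is not visible in these hunks. The lookup also calls `m.getContextualProperty(...)` directly while the very next statement goes through `MessageUtils.getContextualProperty(m, ...)`; using one form in both places would read more consistently. The enclosing method starts and ends outside the hunk.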
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsReaderProvider.java @@ -21,6 +21,7 @@ package org.apache.cxf.rs.security.jose.jaxrs; import org.apache.cxf.jaxrs.utils.JAXRSUtils; import org.apache.cxf.message.Message; import org.apache.cxf.message.MessageUtils; +import org.apache.cxf.rs.security.jose.jws.JwsFactory; import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier; import org.apache.cxf.rs.security.jose.jws.JwsUtils; @@ -41,6 +42,10 @@ public class AbstractJwsReaderProvider { } Message m = JAXRSUtils.getCurrentMessage(); + Object factory = m.getContextualProperty(JwsFactory.class.getName()); + if (factory != null) { + return ((JwsFactory)factory).getJwsSignatureVerifier(); + } String propLoc = (String)MessageUtils.getContextualProperty(m, RSSEC_SIGNATURE_IN_PROPS, RSSEC_SIGNATURE_PROPS); if (propLoc == null) { http://git-wip-us.apache.org/repos/asf/cxf/blob/1e4a285f/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsWriterProvider.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsWriterProvider.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsWriterProvider.java index 139f20f..fbc7b79 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsWriterProvider.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsWriterProvider.java @@ -29,6 +29,7 @@ import org.apache.cxf.message.Message; import org.apache.cxf.message.MessageUtils; import org.apache.cxf.rs.security.jose.JoseHeaders; import org.apache.cxf.rs.security.jose.jws.JwsCompactProducer; +import org.apache.cxf.rs.security.jose.jws.JwsFactory; import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider; import org.apache.cxf.rs.security.jose.jws.JwsUtils; 
@@ -47,6 +48,10 @@ public class AbstractJwsWriterProvider { return sigProvider; } Message m = JAXRSUtils.getCurrentMessage(); + Object factory = m.getContextualProperty(JwsFactory.class.getName()); + if (factory != null) { + return ((JwsFactory)factory).getJwsSignatureProvider(); + } String propLoc = (String)MessageUtils.getContextualProperty(m, RSSEC_SIGNATURE_OUT_PROPS, RSSEC_SIGNATURE_PROPS); if (propLoc == null) { http://git-wip-us.apache.org/repos/asf/cxf/blob/1e4a285f/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java index a80ac67..e98c56f 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java @@ -42,6 +42,7 @@ import org.apache.cxf.rs.security.jose.JoseHeadersWriter; import org.apache.cxf.rs.security.jose.jwe.JweCompactProducer; import org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider; import org.apache.cxf.rs.security.jose.jwe.JweEncryptionState; +import org.apache.cxf.rs.security.jose.jwe.JweFactory; import org.apache.cxf.rs.security.jose.jwe.JweHeaders; import org.apache.cxf.rs.security.jose.jwe.JweOutputStream; import org.apache.cxf.rs.security.jose.jwe.JweUtils; 
@@ -119,6 +120,10 @@ public class JweWriterInterceptor implements WriterInterceptor { return encryptionProvider; } Message m = JAXRSUtils.getCurrentMessage(); + Object factory = m.getContextualProperty(JweFactory.class.getName()); + if (factory != null) { + return ((JweFactory)factory).getJweEncryptionProvider(); + } String propLoc = (String)MessageUtils.getContextualProperty(m, RSSEC_ENCRYPTION_OUT_PROPS, RSSEC_ENCRYPTION_PROPS); if (propLoc == null) { http://git-wip-us.apache.org/repos/asf/cxf/blob/1e4a285f/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionProvider.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionProvider.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionProvider.java index b685a29..addc7b6 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionProvider.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionProvider.java @@ -22,5 +22,8 @@ package org.apache.cxf.rs.security.jose.jwe; public interface JweEncryptionProvider extends JweKeyProperties { String encrypt(byte[] jweContent, JweHeaders jweHeaders); + /** + * Prepare JWE state (optional operation) + */ JweEncryptionState createJweEncryptionState(JweHeaders jweHeaders); } http://git-wip-us.apache.org/repos/asf/cxf/blob/1e4a285f/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweFactory.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweFactory.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweFactory.java new file mode 100644 index 0000000..16100ef --- /dev/null +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweFactory.java 
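Review bot: The Javadoc added to `createJweEncryptionState` in `JweEncryptionProvider` says "optional operation" but not what an implementation that does not support it should do, so a caller cannot tell whether to expect null or an exception. Spell the contract out, for example `Prepare JWE state (optional operation); implementations that do not support it throw UnsupportedOperationException`, or whichever behaviour is intended, and word it the same way on `JwsSignatureProvider.createJwsSignature`, which receives the same "optional operation" remark later in this commit. `JweWriterInterceptor` imports `JweEncryptionState`, so it presumably relies on this method; whether it copes with a provider that omits it is not visible in these hunks.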
@@ -0,0 +1,25 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.rs.security.jose.jwe; + + +public interface JweFactory { + JweEncryptionProvider getJweEncryptionProvider(); + JweDecryptionProvider getJweDecryptionProvider(); +} http://git-wip-us.apache.org/repos/asf/cxf/blob/1e4a285f/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/AbstractJwsSignatureProvider.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/AbstractJwsSignatureProvider.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/AbstractJwsSignatureProvider.java index 4bbc22a..e2ebda5 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/AbstractJwsSignatureProvider.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/AbstractJwsSignatureProvider.java 
@@ -46,6 +46,12 @@ public abstract class AbstractJwsSignatureProvider implements JwsSignatureProvid return algorithm; } @Override + public byte[] sign(JoseHeaders headers, byte[] content) { + JwsSignature sig = createJwsSignature(headers); + sig.update(content, 0, content.length); + return sig.sign(); + } + @Override public JwsSignature createJwsSignature(JoseHeaders headers) { return doCreateJwsSignature(prepareHeaders(headers)); } http://git-wip-us.apache.org/repos/asf/cxf/blob/1e4a285f/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java index b033afd..b8aee4a 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java @@ -83,12 +83,10 @@ public class JwsCompactProducer { return signWith(JwsUtils.getHmacSignatureProvider(key, headers.getAlgorithm())); } - public String signWith(JwsSignatureProvider signer) { - JwsSignature worker = signer.createJwsSignature(getJoseHeaders()); - + public String signWith(JwsSignatureProvider signer) { byte[] bytes = StringUtils.toBytesUTF8(getUnsignedEncodedJws()); - worker.update(bytes, 0, bytes.length); - return setSignatureBytes(worker.sign()); + byte[] sig = signer.sign(getJoseHeaders(), bytes); + return setSignatureBytes(sig); } public String setSignatureText(String signatureText) { http://git-wip-us.apache.org/repos/asf/cxf/blob/1e4a285f/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsFactory.java ---------------------------------------------------------------------- 
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsFactory.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsFactory.java new file mode 100644 index 0000000..f810660 --- /dev/null +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsFactory.java @@ -0,0 +1,25 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.rs.security.jose.jws; + + +public interface JwsFactory { + JwsSignatureProvider getJwsSignatureProvider(); + JwsSignatureVerifier getJwsSignatureVerifier(); +} http://git-wip-us.apache.org/repos/asf/cxf/blob/1e4a285f/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducer.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducer.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducer.java index 5aaee71..c9c2387 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducer.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducer.java 
@@ -106,12 +106,12 @@ public class JwsJsonProducer { if (unionHeaders.getAlgorithm() == null) { throw new SecurityException("Algorithm header is not set"); } - JwsSignature worker = signer.createJwsSignature(unionHeaders); String sequenceToBeSigned = protectedHeader.getEncodedHeaderEntries() + "." + getUnsignedEncodedPayload(); byte[] bytesToBeSigned = StringUtils.toBytesUTF8(sequenceToBeSigned); - worker.update(bytesToBeSigned, 0, bytesToBeSigned.length); - byte[] signatureBytes = worker.sign(); + + byte[] signatureBytes = signer.sign(unionHeaders, bytesToBeSigned); + String encodedSignatureBytes = Base64UrlUtility.encode(signatureBytes); JwsJsonSignatureEntry signature = new JwsJsonSignatureEntry(encodedPayload, http://git-wip-us.apache.org/repos/asf/cxf/blob/1e4a285f/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureProvider.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureProvider.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureProvider.java index 7dd9a0a..c6f60b9 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureProvider.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureProvider.java @@ -23,5 +23,9 @@ import org.apache.cxf.rs.security.jose.JoseHeaders; public interface JwsSignatureProvider { String getAlgorithm(); + byte[] sign(JoseHeaders headers, byte[] content); + /** + * Create a signature handler capable of updating the signature input (optional operation) + */ JwsSignature createJwsSignature(JoseHeaders headers); } http://git-wip-us.apache.org/repos/asf/cxf/blob/1e4a285f/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/JwtAccessTokenUtils.java ---------------------------------------------------------------------- 
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/JwtAccessTokenUtils.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/JwtAccessTokenUtils.java index 84be13a..d31e9f2 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/JwtAccessTokenUtils.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/JwtAccessTokenUtils.java @@ -126,6 +126,12 @@ public final class JwtAccessTokenUtils { public JwsSignature createJwsSignature(JoseHeaders headers) { return new NoneJwsSignature(); } + + @Override + public byte[] sign(JoseHeaders headers, byte[] content) { + // TODO Auto-generated method stub + return null; + } } private static class NoneJwsSignature implements JwsSignature {
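Review bot: The `sign` override added to the provider in `JwtAccessTokenUtils` is an IDE stub that returns null, while this same commit switches `JwsCompactProducer.signWith` and `JwsJsonProducer` from `createJwsSignature(...)` to `signer.sign(...)`, so any caller that passes this provider to them now feeds null signature bytes into `setSignatureBytes` or `Base64UrlUtility.encode`. Delegate to the existing signature object instead, mirroring `AbstractJwsSignatureProvider.sign`: `JwsSignature sig = createJwsSignature(headers);`, `sig.update(content, 0, content.length);`, `return sig.sign();`, and drop the `// TODO Auto-generated method stub` comment. What `NoneJwsSignature.sign()` returns is outside the hunk, as is the start of the enclosing class.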