cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject cxf git commit: Adding an RSA 1_5 JWE test
Date Thu, 11 Dec 2014 12:35:09 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes 207d64cb3 -> ecf962521


Adding an RSA 1_5 JWE test


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/ecf96252
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/ecf96252
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/ecf96252

Branch: refs/heads/3.0.x-fixes
Commit: ecf96252126fe63cbe1038c0ac9f407a53478c31
Parents: 207d64c
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Thu Dec 11 12:33:44 2014 +0000
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Thu Dec 11 12:34:51 2014 +0000

----------------------------------------------------------------------
 .../cxf/rs/security/jose/jwa/Algorithm.java     | 20 ++++++---
 .../jose/jwe/AesWrapKeyDecryptionAlgorithm.java |  6 ++-
 .../cxf/rs/security/jose/jwe/JweUtils.java      |  4 +-
 .../PbesHmacAesWrapKeyDecryptionAlgorithm.java  |  6 ++-
 .../PbesHmacAesWrapKeyEncryptionAlgorithm.java  | 10 +----
 .../jose/jwe/RSAKeyDecryptionAlgorithm.java     | 45 ++++++++++++++++++++
 .../jose/jwe/RSAKeyEncryptionAlgorithm.java     | 33 ++++++++++++++
 .../jose/jwe/RSAOaepKeyDecryptionAlgorithm.java | 45 --------------------
 .../jose/jwe/RSAOaepKeyEncryptionAlgorithm.java | 39 -----------------
 .../jose/jwe/WrappedKeyDecryptionAlgorithm.java |  3 +-
 .../jose/jwe/JweCompactReaderWriterTest.java    | 32 +++++++++++++-
 11 files changed, 138 insertions(+), 105 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/ecf96252/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/Algorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/Algorithm.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/Algorithm.java
index c356bad..6de807d 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/Algorithm.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/Algorithm.java
@@ -93,12 +93,13 @@ public enum Algorithm {
     public static final Set<String> EC_SHA_SIGN_SET = new HashSet<String>(Arrays.asList(JoseConstants.ES_SHA_256_ALGO,
                                                                          JoseConstants.ES_SHA_384_ALGO,
                                                                          JoseConstants.ES_SHA_512_ALGO));
-    public static final Set<String> RSA_OAEP_CEK_SET = new HashSet<String>(Arrays.asList(JoseConstants.RSA_OAEP_ALGO,
-                                                                               JoseConstants.RSA_OAEP_256_ALGO));
+    public static final Set<String> RSA_CEK_SET = new HashSet<String>(Arrays.asList(JoseConstants.RSA_OAEP_ALGO,
+                                                                                    JoseConstants.RSA_OAEP_256_ALGO,
+                                                                                    JoseConstants.RSA_1_5_ALGO));
     public static final Set<String> AES_GCM_CEK_SET = new HashSet<String>(Arrays.asList(JoseConstants.A128GCM_ALGO,
                                                                                         JoseConstants.A192GCM_ALGO,
                                                                                         JoseConstants.A256GCM_ALGO));
-    public static final Set<String> AES_GCM_KW_SET = new HashSet<String>(Arrays.asList(JoseConstants.A192GCMKW_ALGO,
+    public static final Set<String> AES_GCM_KW_SET = new HashSet<String>(Arrays.asList(JoseConstants.A128GCMKW_ALGO,
                                                                                         JoseConstants.A192GCMKW_ALGO,
                                                                                         JoseConstants.A256GCMKW_ALGO));
     public static final Set<String> AES_KW_SET = new HashSet<String>(Arrays.asList(JoseConstants.A128KW_ALGO,
@@ -108,6 +109,10 @@ public enum Algorithm {
         new HashSet<String>(Arrays.asList(JoseConstants.A128CBC_HS256_ALGO,
                                           JoseConstants.A192CBC_HS384_ALGO,
                                           JoseConstants.A256CBC_HS512_ALGO));
+    public static final Set<String> PBES_HS_SET = 
+        new HashSet<String>(Arrays.asList(PBES2_HS256_A128KW.getJwtName(),
+                                          PBES2_HS384_A192KW.getJwtName(),
+                                          PBES2_HS512_A256KW.getJwtName()));
     
     private static final Map<String, String> JAVA_TO_JWT_NAMES;
     private static final Map<String, String> JWT_TO_JAVA_NAMES;
@@ -216,10 +221,10 @@ public enum Algorithm {
         return javaName;
     }
     public static boolean isRsa(String algo) {
-        return isRsaOaep(algo) || isRsaShaSign(algo);
+        return isRsa(algo) || isRsaShaSign(algo);
     }
-    public static boolean isRsaOaep(String algo) {
-        return RSA_OAEP_CEK_SET.contains(algo);
+    public static boolean isRsaKeyWrap(String algo) {
+        return RSA_CEK_SET.contains(algo);
     }
     public static boolean isAesKeyWrap(String algo) {
         return AES_KW_SET.contains(algo);
@@ -227,6 +232,9 @@ public enum Algorithm {
     public static boolean isAesGcmKeyWrap(String algo) {
         return AES_GCM_KW_SET.contains(algo);
     }
+    public static boolean isPbesHsWrap(String algo) {
+        return PBES_HS_SET.contains(algo); 
+    }
     public static boolean isAesGcm(String algo) {
         return AES_GCM_CEK_SET.contains(algo);
     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/ecf96252/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyDecryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyDecryptionAlgorithm.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyDecryptionAlgorithm.java
index 3ba6919..8871f06 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyDecryptionAlgorithm.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyDecryptionAlgorithm.java
@@ -45,9 +45,13 @@ public class AesWrapKeyDecryptionAlgorithm extends WrappedKeyDecryptionAlgorithm
     @Override
     protected void validateKeyEncryptionAlgorithm(String keyAlgo) {
         super.validateKeyEncryptionAlgorithm(keyAlgo);
-        if (!Algorithm.isAesKeyWrap(keyAlgo)) {
+        if (!isValidAlgorithmFamily(keyAlgo)) {
             throw new SecurityException();
         }
     }
     
+    protected boolean isValidAlgorithmFamily(String keyAlgo) {
+        return Algorithm.isAesKeyWrap(keyAlgo);
+    }
+    
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/ecf96252/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
index ad05e0f..ec0a69c 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
@@ -121,7 +121,7 @@ public final class JweUtils {
         return keyEncryptionProvider;
     }
     public static KeyEncryptionAlgorithm getRSAKeyEncryptionAlgorithm(RSAPublicKey key, String
algo) {
-        return new RSAOaepKeyEncryptionAlgorithm(key, algo);
+        return new RSAKeyEncryptionAlgorithm(key, algo);
     }
     public static KeyEncryptionAlgorithm getSecretKeyEncryptionAlgorithm(SecretKey key, String
algo) {
         if (Algorithm.isAesKeyWrap(algo)) {
@@ -150,7 +150,7 @@ public final class JweUtils {
         return keyDecryptionProvider;
     }
     public static KeyDecryptionAlgorithm getRSAKeyDecryptionAlgorithm(RSAPrivateKey key,
String algo) {
-        return new RSAOaepKeyDecryptionAlgorithm(key, algo);
+        return new RSAKeyDecryptionAlgorithm(key, algo);
     }
     public static KeyDecryptionAlgorithm getSecretKeyDecryptionAlgorithm(SecretKey key, String
algo) {
         if (Algorithm.isAesKeyWrap(algo)) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/ecf96252/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyDecryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyDecryptionAlgorithm.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyDecryptionAlgorithm.java
index f5f4c99..3fb8cb9 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyDecryptionAlgorithm.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyDecryptionAlgorithm.java
@@ -51,7 +51,11 @@ public class PbesHmacAesWrapKeyDecryptionAlgorithm implements KeyDecryptionAlgor
         int keySize = PbesHmacAesWrapKeyEncryptionAlgorithm.getKeySize(keyAlgoJwt);
         byte[] derivedKey = PbesHmacAesWrapKeyEncryptionAlgorithm
             .createDerivedKey(keyAlgoJwt, keySize, password, saltInput, pbesCount);
-        KeyDecryptionAlgorithm aesWrap = new AesWrapKeyDecryptionAlgorithm(derivedKey);
+        KeyDecryptionAlgorithm aesWrap = new AesWrapKeyDecryptionAlgorithm(derivedKey) {
+            protected boolean isValidAlgorithmFamily(String wrapAlgo) {
+                return Algorithm.isPbesHsWrap(wrapAlgo);
+            }    
+        };
         return aesWrap.getDecryptedContentEncryptionKey(consumer);
     }    
     private byte[] getDecodedBytes(JweCompactConsumer consumer, String headerName) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/ecf96252/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java
index f6464e0..2089859 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java
@@ -21,11 +21,8 @@ package org.apache.cxf.rs.security.jose.jwe;
 import java.nio.ByteBuffer;
 import java.nio.CharBuffer;
 import java.nio.charset.Charset;
-import java.util.Arrays;
 import java.util.HashMap;
-import java.util.HashSet;
 import java.util.Map;
-import java.util.Set;
 
 import org.apache.cxf.common.util.Base64UrlUtility;
 import org.apache.cxf.common.util.StringUtils;
@@ -39,10 +36,7 @@ import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator;
 import org.bouncycastle.crypto.params.KeyParameter;
 
 public class PbesHmacAesWrapKeyEncryptionAlgorithm implements KeyEncryptionAlgorithm {
-    private static final Set<String> SUPPORTED_ALGORITHMS = new HashSet<String>(
-        Arrays.asList(Algorithm.PBES2_HS256_A128KW.getJwtName(),
-                      Algorithm.PBES2_HS384_A192KW.getJwtName(),
-                      Algorithm.PBES2_HS512_A256KW.getJwtName()));
+    
     private static final Map<String, Integer> PBES_HMAC_MAP;
     private static final Map<String, String> PBES_AES_MAP;
     private static final Map<String, Integer> DERIVED_KEY_SIZE_MAP;
@@ -140,7 +134,7 @@ public class PbesHmacAesWrapKeyEncryptionAlgorithm implements KeyEncryptionAlgor
         return saltValue;
     }
     static String validateKeyAlgorithm(String algo) {
-        if (!SUPPORTED_ALGORITHMS.contains(algo)) {
+        if (!Algorithm.isPbesHsWrap(algo)) {
             throw new SecurityException();
         }
         return algo;

http://git-wip-us.apache.org/repos/asf/cxf/blob/ecf96252/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/RSAKeyDecryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/RSAKeyDecryptionAlgorithm.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/RSAKeyDecryptionAlgorithm.java
new file mode 100644
index 0000000..5bacb6e
--- /dev/null
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/RSAKeyDecryptionAlgorithm.java
@@ -0,0 +1,45 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.jwe;
+
+import java.security.interfaces.RSAPrivateKey;
+
+import org.apache.cxf.rs.security.jose.jwa.Algorithm;
+
+public class RSAKeyDecryptionAlgorithm extends WrappedKeyDecryptionAlgorithm {
+    public RSAKeyDecryptionAlgorithm(RSAPrivateKey privateKey) {    
+        this(privateKey, null);
+    }
+    public RSAKeyDecryptionAlgorithm(RSAPrivateKey privateKey, String supportedAlgo) {  
 
+        this(privateKey, supportedAlgo, true);
+    }
+    public RSAKeyDecryptionAlgorithm(RSAPrivateKey privateKey, String supportedAlgo, boolean
unwrap) {    
+        super(privateKey, supportedAlgo, unwrap);
+    }
+    protected int getKeyCipherBlockSize() {
+        return ((RSAPrivateKey)getCekDecryptionKey()).getModulus().toByteArray().length;
+    }
+    @Override
+    protected void validateKeyEncryptionAlgorithm(String keyAlgo) {
+        super.validateKeyEncryptionAlgorithm(keyAlgo);
+        if (!Algorithm.isRsaKeyWrap(keyAlgo)) {
+            throw new SecurityException();
+        }
+    }
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/ecf96252/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/RSAKeyEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/RSAKeyEncryptionAlgorithm.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/RSAKeyEncryptionAlgorithm.java
new file mode 100644
index 0000000..dee0a2c
--- /dev/null
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/RSAKeyEncryptionAlgorithm.java
@@ -0,0 +1,33 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.jwe;
+
+import java.security.interfaces.RSAPublicKey;
+
+import org.apache.cxf.rs.security.jose.jwa.Algorithm;
+
+public class RSAKeyEncryptionAlgorithm extends AbstractWrapKeyEncryptionAlgorithm {
+    public RSAKeyEncryptionAlgorithm(RSAPublicKey publicKey, String jweAlgo) {
+        this(publicKey, jweAlgo, true);
+    }
+    public RSAKeyEncryptionAlgorithm(RSAPublicKey publicKey, String jweAlgo, boolean wrap)
{
+        super(publicKey, jweAlgo, wrap, Algorithm.RSA_CEK_SET);
+    }
+    
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/ecf96252/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/RSAOaepKeyDecryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/RSAOaepKeyDecryptionAlgorithm.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/RSAOaepKeyDecryptionAlgorithm.java
deleted file mode 100644
index a0ea63d..0000000
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/RSAOaepKeyDecryptionAlgorithm.java
+++ /dev/null
@@ -1,45 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.security.interfaces.RSAPrivateKey;
-
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-
-public class RSAOaepKeyDecryptionAlgorithm extends WrappedKeyDecryptionAlgorithm {
-    public RSAOaepKeyDecryptionAlgorithm(RSAPrivateKey privateKey) {    
-        this(privateKey, null);
-    }
-    public RSAOaepKeyDecryptionAlgorithm(RSAPrivateKey privateKey, String supportedAlgo)
{    
-        this(privateKey, supportedAlgo, true);
-    }
-    public RSAOaepKeyDecryptionAlgorithm(RSAPrivateKey privateKey, String supportedAlgo,
boolean unwrap) {    
-        super(privateKey, supportedAlgo, unwrap);
-    }
-    protected int getKeyCipherBlockSize() {
-        return ((RSAPrivateKey)getCekDecryptionKey()).getModulus().toByteArray().length;
-    }
-    @Override
-    protected void validateKeyEncryptionAlgorithm(String keyAlgo) {
-        super.validateKeyEncryptionAlgorithm(keyAlgo);
-        if (!Algorithm.isRsaOaep(keyAlgo)) {
-            throw new SecurityException();
-        }
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/ecf96252/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/RSAOaepKeyEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/RSAOaepKeyEncryptionAlgorithm.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/RSAOaepKeyEncryptionAlgorithm.java
deleted file mode 100644
index b658e36..0000000
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/RSAOaepKeyEncryptionAlgorithm.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.security.interfaces.RSAPublicKey;
-import java.util.Arrays;
-import java.util.HashSet;
-import java.util.Set;
-
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-
-public class RSAOaepKeyEncryptionAlgorithm extends AbstractWrapKeyEncryptionAlgorithm {
-    private static final Set<String> SUPPORTED_ALGORITHMS = new HashSet<String>(
-        Arrays.asList(Algorithm.RSA_OAEP.getJwtName(),
-                      Algorithm.RSA_OAEP_256.getJwtName()));
-    public RSAOaepKeyEncryptionAlgorithm(RSAPublicKey publicKey, String jweAlgo) {
-        this(publicKey, jweAlgo, true);
-    }
-    public RSAOaepKeyEncryptionAlgorithm(RSAPublicKey publicKey, String jweAlgo, boolean
wrap) {
-        super(publicKey, jweAlgo, wrap, SUPPORTED_ALGORITHMS);
-    }
-    
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/ecf96252/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyDecryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyDecryptionAlgorithm.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyDecryptionAlgorithm.java
index 6608436..3775ef7 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyDecryptionAlgorithm.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyDecryptionAlgorithm.java
@@ -63,10 +63,11 @@ public class WrappedKeyDecryptionAlgorithm implements KeyDecryptionAlgorithm
{
     }
     protected String getKeyEncryptionAlgorithm(JweCompactConsumer consumer) {
         String keyAlgo = consumer.getJweHeaders().getKeyEncryptionAlgorithm();
+        validateKeyEncryptionAlgorithm(keyAlgo);
         return Algorithm.toJavaName(keyAlgo);
     }
     protected void validateKeyEncryptionAlgorithm(String keyAlgo) {
-        if (keyAlgo == null || supportedAlgo != null && supportedAlgo.equals(keyAlgo))
{
+        if (keyAlgo == null || supportedAlgo != null && !supportedAlgo.equals(keyAlgo))
{
             throw new SecurityException();
         }
     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/ecf96252/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java
b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java
index abf6e5a..b3be0a6 100644
--- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java
+++ b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java
@@ -31,6 +31,7 @@ import org.apache.cxf.rs.security.jose.JoseConstants;
 import org.apache.cxf.rs.security.jose.jwa.Algorithm;
 import org.apache.cxf.rs.security.jose.jws.JwsCompactReaderWriterTest;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
+
 import org.junit.AfterClass;
 import org.junit.Assert;
 import org.junit.BeforeClass;
@@ -115,6 +116,33 @@ public class JweCompactReaderWriterTest extends Assert {
         assertEquals(specPlainText, decryptedText);
     }
     @Test
+    public void testEncryptDecryptRSA15WrapA128CBCHS256() throws Exception {
+        final String specPlainText = "Live long and prosper.";
+        JweHeaders headers = new JweHeaders();
+        headers.setAlgorithm(Algorithm.RSA_1_5.getJwtName());
+        headers.setContentEncryptionAlgorithm(Algorithm.A128CBC_HS256.getJwtName());
+        
+        RSAPublicKey publicKey = CryptoUtils.getRSAPublicKey(RSA_MODULUS_ENCODED_A1, 
+                                                             RSA_PUBLIC_EXPONENT_ENCODED_A1);
+        
+        KeyEncryptionAlgorithm keyEncryption = new RSAKeyEncryptionAlgorithm(publicKey, 
+                                                       Algorithm.RSA_1_5.getJwtName());
+        
+        JweEncryptionProvider encryption = new AesCbcHmacJweEncryption(headers,
+                                                           CONTENT_ENCRYPTION_KEY_A3, 
+                                                           INIT_VECTOR_A3,
+                                                           keyEncryption);
+        String jweContent = encryption.encrypt(specPlainText.getBytes("UTF-8"), null);
+        
+        RSAPrivateKey privateKey = CryptoUtils.getRSAPrivateKey(RSA_MODULUS_ENCODED_A1, 
+                                                                RSA_PRIVATE_EXPONENT_ENCODED_A1);
+        KeyDecryptionAlgorithm keyDecryption = new RSAKeyDecryptionAlgorithm(privateKey,
+                                                                                 Algorithm.RSA_1_5.getJwtName());
+        JweDecryptionProvider decryption = new AesCbcHmacJweDecryption(keyDecryption);
+        String decryptedText = decryption.decrypt(jweContent).getContentText();
+        assertEquals(specPlainText, decryptedText);
+    }
+    @Test
     public void testEncryptDecryptAesGcmWrapA128CBCHS256() throws Exception {
         //
         // This test fails with the IBM JDK
@@ -177,7 +205,7 @@ public class JweCompactReaderWriterTest extends Assert {
         } else {
             jwtKeyName = Algorithm.toJwtName(key.getAlgorithm(), key.getEncoded().length
* 8);
         }
-        KeyEncryptionAlgorithm keyEncryptionAlgo = new RSAOaepKeyEncryptionAlgorithm(publicKey,

+        KeyEncryptionAlgorithm keyEncryptionAlgo = new RSAKeyEncryptionAlgorithm(publicKey,

                                                        Algorithm.RSA_OAEP.getJwtName());

         ContentEncryptionAlgorithm contentEncryptionAlgo = 
             new AesGcmContentEncryptionAlgorithm(key == null ? null : key.getEncoded(), INIT_VECTOR_A1,
jwtKeyName);
@@ -194,7 +222,7 @@ public class JweCompactReaderWriterTest extends Assert {
                                                                 RSA_PRIVATE_EXPONENT_ENCODED_A1);
         String algo = Cipher.getMaxAllowedKeyLength("AES") > 128 
             ? JoseConstants.A256GCM_ALGO : JoseConstants.A128GCM_ALGO; 
-        JweDecryptionProvider decryptor = new WrappedKeyJweDecryption(new RSAOaepKeyDecryptionAlgorithm(privateKey),
+        JweDecryptionProvider decryptor = new WrappedKeyJweDecryption(new RSAKeyDecryptionAlgorithm(privateKey),
                                               new AesGcmContentDecryptionAlgorithm(algo));
         String decryptedText = decryptor.decrypt(jweContent).getContentText();
         assertEquals(decryptedText, plainContent);


Mime
View raw message