Return-Path: X-Original-To: apmail-cxf-commits-archive@www.apache.org Delivered-To: apmail-cxf-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id B9E17186A3 for ; Wed, 29 Apr 2015 11:44:02 +0000 (UTC) Received: (qmail 62135 invoked by uid 500); 29 Apr 2015 11:44:02 -0000 Delivered-To: apmail-cxf-commits-archive@cxf.apache.org Received: (qmail 62067 invoked by uid 500); 29 Apr 2015 11:44:02 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 62052 invoked by uid 99); 29 Apr 2015 11:44:02 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 29 Apr 2015 11:44:02 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id 32BDBE008F; Wed, 29 Apr 2015 11:44:02 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: sergeyb@apache.org To: commits@cxf.apache.org Message-Id: <7ba89c5032d54fa9a9efce99ea5fbefc@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: cxf git commit: Minor update to JWE code in preparation for supporting direct ecdh Date: Wed, 29 Apr 2015 11:44:02 +0000 (UTC) Repository: cxf Updated Branches: refs/heads/master d71a3e76c -> 0ce334ef4 Minor update to JWE code in preparation for supporting direct ecdh Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/0ce334ef Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/0ce334ef Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/0ce334ef Branch: refs/heads/master Commit: 0ce334ef4cc93c9252486cfe58fead2c02cf877b Parents: d71a3e7 Author: Sergey Beryozkin Authored: Wed Apr 29 12:43:43 2015 +0100 Committer: Sergey Beryozkin Committed: Wed Apr 29 12:43:43 2015 +0100 ---------------------------------------------------------------------- .../rs/security/jose/jwa/AlgorithmUtils.java | 7 +++++-- .../jose/jwe/EcdhDirectKeyJweEncryption.java | 5 +++++ .../cxf/rs/security/jose/jwe/JweUtils.java | 22 ++++---------------- 3 files changed, 14 insertions(+), 20 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/0ce334ef/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/AlgorithmUtils.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/AlgorithmUtils.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/AlgorithmUtils.java index 22d7908..96eb27e 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/AlgorithmUtils.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/AlgorithmUtils.java @@ -124,7 +124,7 @@ public final class AlgorithmUtils { public static final Set PBES_HS_SET = new HashSet(Arrays.asList(PBES2_HS256_A128KW_ALGO, PBES2_HS384_A192KW_ALGO, PBES2_HS512_A256KW_ALGO)); - public static final Set ECDH_ES_SET = new HashSet(Arrays.asList(ECDH_ES_A128KW_ALGO, + public static final Set ECDH_ES_WRAP_SET = new HashSet(Arrays.asList(ECDH_ES_A128KW_ALGO, ECDH_ES_A192KW_ALGO, ECDH_ES_A256KW_ALGO)); @@ -210,7 +210,10 @@ public final class AlgorithmUtils { return PBES_HS_SET.contains(algo); } public static boolean isEcdhEsWrap(String algo) { - return ECDH_ES_SET.contains(algo); + return ECDH_ES_WRAP_SET.contains(algo); + } + public static boolean isEcdhEsDirect(String algo) { + return ECDH_ES_DIRECT_ALGO.equals(algo); } public static boolean isAesGcm(String algo) { return AES_GCM_CEK_SET.contains(algo); http://git-wip-us.apache.org/repos/asf/cxf/blob/0ce334ef/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyJweEncryption.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyJweEncryption.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyJweEncryption.java index c1e3eef..210c597 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyJweEncryption.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyJweEncryption.java @@ -33,6 +33,11 @@ import org.apache.cxf.rs.security.jose.jwk.JwkUtils; public class EcdhDirectKeyJweEncryption extends JweEncryption { public EcdhDirectKeyJweEncryption(ECPublicKey peerPublicKey, String curve, + ContentAlgorithm ctAlgo) { + this(peerPublicKey, curve, null, null, ctAlgo); + } + public EcdhDirectKeyJweEncryption(ECPublicKey peerPublicKey, + String curve, String apuString, String apvString, ContentAlgorithm ctAlgo) { http://git-wip-us.apache.org/repos/asf/cxf/blob/0ce334ef/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java index c4d4764..f8e2f20 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java @@ -228,14 +228,7 @@ public final class JweUtils { return ContentAlgorithm.getAlgorithm(algo); } public static JweEncryption getDirectKeyJweEncryption(JsonWebKey key) { - if (AlgorithmUtils.isAesCbcHmac(key.getAlgorithm())) { - return new AesCbcHmacJweEncryption(getContentAlgo(key.getAlgorithm()), - JwkUtils.toSecretKey(key).getEncoded(), - null, new DirectKeyEncryptionAlgorithm()); - } else { - return new JweEncryption(new DirectKeyEncryptionAlgorithm(), - getContentEncryptionAlgorithm(key, key.getAlgorithm())); - } + return getDirectKeyJweEncryption(JwkUtils.toSecretKey(key), key.getAlgorithm()); } public static JweEncryption getDirectKeyJweEncryption(SecretKey key, String algorithm) { if (AlgorithmUtils.isAesCbcHmac(algorithm)) { @@ -246,6 +239,9 @@ public final class JweUtils { getContentEncryptionAlgorithm(key, algorithm)); } } + public static JweDecryption getDirectKeyJweDecryption(JsonWebKey key) { + return getDirectKeyJweDecryption(JwkUtils.toSecretKey(key), key.getAlgorithm()); + } public static JweDecryption getDirectKeyJweDecryption(SecretKey key, String algorithm) { if (AlgorithmUtils.isAesCbcHmac(algorithm)) { return new AesCbcHmacJweDecryption(new DirectKeyDecryptionAlgorithm(key), getContentAlgo(algorithm)); @@ -254,16 +250,6 @@ public final class JweUtils { getContentDecryptionAlgorithm(algorithm)); } } - public static JweDecryption getDirectKeyJweDecryption(JsonWebKey key) { - if (AlgorithmUtils.isAesCbcHmac(key.getAlgorithm())) { - return new AesCbcHmacJweDecryption( - new DirectKeyDecryptionAlgorithm(JwkUtils.toSecretKey(key).getEncoded()), - getContentAlgo(key.getAlgorithm())); - } else { - return new JweDecryption(new DirectKeyDecryptionAlgorithm(JwkUtils.toSecretKey(key)), - getContentDecryptionAlgorithm(key.getAlgorithm())); - } - } public static JweEncryptionProvider loadEncryptionProvider(boolean required) { return loadEncryptionProvider(null, required); }