cxf-commits mailing list archives

From serg...@apache.org
Subject cxf git commit: Simple BC bean helper plus minor JWE updates
Date Thu, 18 Jun 2015 13:05:16 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes a83b3680b -> aa85f5f4e


Simple BC bean helper plus minor JWE updates


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/aa85f5f4
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/aa85f5f4
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/aa85f5f4

Branch: refs/heads/3.0.x-fixes
Commit: aa85f5f4e1c212c1cc74d21368ef09c2f886ebba
Parents: a83b368
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Thu Jun 18 14:01:47 2015 +0100
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Thu Jun 18 14:04:58 2015 +0100

----------------------------------------------------------------------
 .../jose/jwe/AbstractJweEncryption.java         | 11 ++++++-
 .../cxf/rs/security/jose/jwe/JweUtils.java      | 12 ++++----
 .../security/crypto/BouncyCastleInstaller.java  | 31 ++++++++++++++++++++
 .../cxf/rt/security/crypto/CryptoUtils.java     | 12 ++++++++
 4 files changed, 59 insertions(+), 7 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/aa85f5f4/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
index dee590c..20b8eae 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
@@ -18,6 +18,7 @@
  */
 package org.apache.cxf.rs.security.jose.jwe;
 
+import java.security.NoSuchAlgorithmException;
 import java.security.spec.AlgorithmParameterSpec;
 import java.util.Arrays;
 import java.util.logging.Logger;
@@ -124,7 +125,15 @@ public abstract class AbstractJweEncryption implements JweEncryptionProvider
{
                                       authTag);
     }
     protected byte[] encryptInternal(JweEncryptionInternal state, byte[] content) {
-        return CryptoUtils.encryptBytes(content, createCekSecretKey(state), state.keyProps);
+        try {
+            return CryptoUtils.encryptBytes(content, createCekSecretKey(state), state.keyProps);
+        } catch (SecurityException ex) {
+            if (ex.getCause() instanceof NoSuchAlgorithmException) {
+                LOG.warning("Unsupported algorithm: " + state.keyProps.getKeyAlgo());
+                throw new JweException(JweException.Error.INVALID_CONTENT_ALGORITHM);
+            }
+            throw new JweException(JweException.Error.CONTENT_ENCRYPTION_FAILURE);
+        }
     }
     protected byte[] getActualCipher(byte[] cipher) {
         return Arrays.copyOf(cipher, cipher.length - DEFAULT_AUTH_TAG_LENGTH / 8);
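Review bot: The new catch block in encryptInternal discards `ex` on both paths, and the fallback `CONTENT_ENCRYPTION_FAILURE` path logs nothing, so a failure caused by a bad key or invalid parameters leaves no trace for whoever has to diagnose it. I would log before the final throw, e.g. `LOG.warning("Content encryption failed: " + ex.getMessage());`, and pass `ex` as the cause if JweException has a constructor that accepts one (not visible in this hunk). The `instanceof NoSuchAlgorithmException` test assumes CryptoUtils.encryptBytes wraps that exception directly as the cause of the SecurityException; a one-line comment stating that assumption would help. getActualCipher continues outside the hunk.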

http://git-wip-us.apache.org/repos/asf/cxf/blob/aa85f5f4/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
index 61f6680..c0b7317 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
@@ -226,7 +226,7 @@ public final class JweUtils {
     public static SecretKey getContentDecryptionSecretKey(JsonWebKey jwk, String defaultAlgorithm)
{
         String ctEncryptionAlgo = jwk.getAlgorithm() == null ? defaultAlgorithm : jwk.getAlgorithm();
         KeyType keyType = jwk.getKeyType();
-        if (KeyType.RSA == keyType && AlgorithmUtils.isAesGcm(ctEncryptionAlgo))
{
+        if (KeyType.OCTET == keyType && AlgorithmUtils.isAesGcm(ctEncryptionAlgo))
{
             return JwkUtils.toSecretKey(jwk);
         }
         return null;
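Review bot: getContentDecryptionSecretKey returns null for every key that is not an OCTET key paired with an AES-GCM algorithm, and nothing on the method tells callers so. The direct-decryption branch in the last JweUtils hunk assigns the result to `ctDecryptionKey` with no visible null check; whether a later check rejects a null key is outside the diff. I would add a Javadoc line such as `Returns the JWK's secret key for AES-GCM content decryption, or null when the key type is not OCTET or the algorithm is not AES-GCM.` so that callers know to treat null as a configuration error rather than pass it on.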
@@ -283,12 +283,12 @@ public final class JweUtils {
         ContentEncryptionProvider ctEncryptionProvider = null;
         if (JwkUtils.JWK_KEY_STORE_TYPE.equals(props.get(KeyManagementUtils.RSSEC_KEY_STORE_TYPE)))
{
             JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, KeyOperation.ENCRYPT);
-            keyEncryptionAlgo = getKeyEncryptionAlgo(m, props, jwk.getAlgorithm(), 
-                                                     getDefaultKeyAlgo(jwk));
             if ("direct".equals(keyEncryptionAlgo)) {
                 contentEncryptionAlgo = getContentEncryptionAlgo(m, props, jwk.getAlgorithm());
                 ctEncryptionProvider = getContentEncryptionAlgorithm(jwk, contentEncryptionAlgo);
             } else {
+                keyEncryptionAlgo = getKeyEncryptionAlgo(m, props, jwk.getAlgorithm(), 
+                                                         getDefaultKeyAlgo(jwk));
                 keyEncryptionProvider = getKeyEncryptionProvider(jwk, keyEncryptionAlgo);
                 if (reportPublicKey || reportPublicKeyId) {
                     JwkUtils.setPublicKeyInfo(jwk, headers, keyEncryptionAlgo, 
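Review bot: With the `getKeyEncryptionAlgo(...)` assignment moved into the `else` branch, the `"direct".equals(keyEncryptionAlgo)` test reads only the value the variable held before the JWK was loaded. Its declaration is outside the hunk, so I cannot tell whether that earlier value can ever be `"direct"`. The JWK's `alg` is now treated as a content algorithm in the direct branch and as a key algorithm otherwise, which deserves a comment above the `if`, for example `// keyEncryptionAlgo was resolved before the JWK was loaded; jwk.getAlgorithm() names the content algorithm in direct mode and the key algorithm otherwise`. The same applies to the decryption hunk at -338, and the enclosing method starts and ends outside both hunks.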
@@ -338,12 +338,12 @@ public final class JweUtils {
         } else {
             if (JwkUtils.JWK_KEY_STORE_TYPE.equals(props.get(KeyManagementUtils.RSSEC_KEY_STORE_TYPE)))
{
                 JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, KeyOperation.DECRYPT);
-                keyEncryptionAlgo = getKeyEncryptionAlgo(m, props, jwk.getAlgorithm(),
-                                                         getDefaultKeyAlgo(jwk));
                 if ("direct".equals(keyEncryptionAlgo)) {
-                    contentEncryptionAlgo = getContentEncryptionAlgo(m, props, contentEncryptionAlgo);
+                    contentEncryptionAlgo = getContentEncryptionAlgo(m, props, jwk.getAlgorithm());
                     ctDecryptionKey = getContentDecryptionSecretKey(jwk, contentEncryptionAlgo);
                 } else {
+                    keyEncryptionAlgo = getKeyEncryptionAlgo(m, props, jwk.getAlgorithm(),
+                                                             getDefaultKeyAlgo(jwk));
                     keyDecryptionProvider = getKeyDecryptionAlgorithm(jwk, keyEncryptionAlgo);
                 }
             } else {

http://git-wip-us.apache.org/repos/asf/cxf/blob/aa85f5f4/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/BouncyCastleInstaller.java
----------------------------------------------------------------------
diff --git a/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/BouncyCastleInstaller.java
b/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/BouncyCastleInstaller.java
new file mode 100644
index 0000000..3965644
--- /dev/null
+++ b/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/BouncyCastleInstaller.java
@@ -0,0 +1,31 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rt.security.crypto;
+
+/**
+ * Simple helper for dynamically registering BouncyCastle inside a Blueprint or Spring context
+ */
+public class BouncyCastleInstaller {
+    public void install() throws Exception { 
+        CryptoUtils.installBouncyCastleProvider();
+    }
+    public void uninstall() { 
+        CryptoUtils.removeBouncyCastleProvider();
+    }
+}
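Review bot: uninstall() removes the provider unconditionally, but the JCA provider list is JVM-global, so using install()/uninstall() as init/destroy methods takes BouncyCastle away from every other component in the JVM, even when it was already registered before this bean's install() ran. I would have the bean remember whether it added the provider itself and remove it only in that case. Both methods also lack Javadoc saying that they change JVM-wide state, and `throws Exception` is wider than the reflective failures that can actually occur.

```java
public class BouncyCastleInstaller {
    // true only when this bean registered the provider itself
    private boolean installedHere;

    public void install() throws Exception {
        if (Security.getProvider("BC") == null) {
            CryptoUtils.installBouncyCastleProvider();
            installedHere = true;
        }
    }
    public void uninstall() {
        if (installedHere) {
            CryptoUtils.removeBouncyCastleProvider();
            installedHere = false;
        }
    }
}
```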

http://git-wip-us.apache.org/repos/asf/cxf/blob/aa85f5f4/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/CryptoUtils.java
----------------------------------------------------------------------
diff --git a/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/CryptoUtils.java
b/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/CryptoUtils.java
index 4893137..4ff2476 100644
--- a/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/CryptoUtils.java
+++ b/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/CryptoUtils.java
@@ -30,8 +30,10 @@ import java.security.KeyPair;
 import java.security.KeyPairGenerator;
 import java.security.KeyStore;
 import java.security.PrivateKey;
+import java.security.Provider;
 import java.security.PublicKey;
 import java.security.SecureRandom;
+import java.security.Security;
 import java.security.Signature;
 import java.security.cert.Certificate;
 import java.security.cert.CertificateFactory;
@@ -70,6 +72,16 @@ public final class CryptoUtils {
     private CryptoUtils() {
     }
     
+    public static void installBouncyCastleProvider() throws Exception {
+        final String bcClassName = "org.bouncycastle.jce.provider.BouncyCastleProvider";
+        if (Security.getProvider(bcClassName) == null) {
+            Security.addProvider((Provider)ClassLoaderUtils.loadClass(bcClassName, CryptoUtils.class).newInstance());
+        }
+    }
+    public static void removeBouncyCastleProvider() {
+        Security.removeProvider("org.bouncycastle.jce.provider.BouncyCastleProvider"); 
+    }
+    
     public static String encodeSecretKey(SecretKey key) throws SecurityException {
         return encodeBytes(key.getEncoded());
     }
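Review bot: `Security.getProvider` and `Security.removeProvider` take the provider's registered name, not its class name, so the `== null` guard in installBouncyCastleProvider is always true and removeBouncyCastleProvider never removes anything. BouncyCastle registers itself under the name `"BC"`. The lines should read `if (Security.getProvider("BC") == null) {` and `Security.removeProvider("BC");`. `throws Exception` could also be narrowed to the reflective exceptions, and both methods should carry Javadoc noting that they alter the JVM-wide provider list.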

