cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject cxf git commit: Also trying to make JWE key algo retrieval more type safe
Date Thu, 12 Nov 2015 12:45:22 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes 196070314 -> dd598c498


Also trying to make JWE key algo retrieval more type safe


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/dd598c49
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/dd598c49
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/dd598c49

Branch: refs/heads/3.1.x-fixes
Commit: dd598c4985d8f61fd3d4fa7754d936cc6651bcee
Parents: 1960703
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Thu Nov 12 12:43:34 2015 +0000
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Thu Nov 12 12:44:50 2015 +0000

----------------------------------------------------------------------
 .../cxf/rs/security/jose/jwa/KeyAlgorithm.java  |  4 +-
 .../cxf/rs/security/jose/jwe/JweUtils.java      | 68 ++++++++++----------
 .../security/jose/jwe/JweJsonProducerTest.java  |  2 +-
 3 files changed, 39 insertions(+), 35 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/dd598c49/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/KeyAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/KeyAlgorithm.java
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/KeyAlgorithm.java
index 46bccf3..5a89b0d 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/KeyAlgorithm.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/KeyAlgorithm.java
@@ -38,7 +38,9 @@ public enum KeyAlgorithm {
     ECDH_ES_A128KW(AlgorithmUtils.ECDH_ES_A128KW_ALGO, "AESWrap", 128),
     ECDH_ES_A192KW(AlgorithmUtils.ECDH_ES_A192KW_ALGO, "AESWrap", 192),
     ECDH_ES_A256KW(AlgorithmUtils.ECDH_ES_A256KW_ALGO, "AESWrap", 256),
-    ECDH_ES_DIRECT(AlgorithmUtils.ECDH_ES_DIRECT_ALGO, null, -1);
+    ECDH_ES_DIRECT(AlgorithmUtils.ECDH_ES_DIRECT_ALGO, null, -1),
+    
+    DIRECT("direct", null, -1);
         
     private final String jwaName;
     private final String javaName;

http://git-wip-us.apache.org/repos/asf/cxf/blob/dd598c49/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
index 95ebcb4..191a8a7 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
@@ -212,27 +212,28 @@ public final class JweUtils {
         }
         return null;
     }
-    public static ContentEncryptionProvider getContentEncryptionAlgorithm(JsonWebKey jwk)
{
-        return getContentEncryptionAlgorithm(jwk, null);
+    public static ContentEncryptionProvider getContentEncryptionProvider(JsonWebKey jwk)
{
+        return getContentEncryptionProvider(jwk, null);
     }
-    public static ContentEncryptionProvider getContentEncryptionAlgorithm(JsonWebKey jwk,
String defaultAlgorithm) {
+    public static ContentEncryptionProvider getContentEncryptionProvider(JsonWebKey jwk,

+                                                                         String defaultAlgorithm)
{
         String ctEncryptionAlgo = jwk.getAlgorithm() == null ? defaultAlgorithm : jwk.getAlgorithm();
         ContentEncryptionProvider contentEncryptionProvider = null;
         KeyType keyType = jwk.getKeyType();
         if (KeyType.OCTET == keyType) {
-            return getContentEncryptionAlgorithm(JwkUtils.toSecretKey(jwk),
+            return getContentEncryptionProvider(JwkUtils.toSecretKey(jwk),
                                                  getContentAlgo(ctEncryptionAlgo));
         }
         return contentEncryptionProvider;
     }
-    public static ContentEncryptionProvider getContentEncryptionAlgorithm(SecretKey key,

+    public static ContentEncryptionProvider getContentEncryptionProvider(SecretKey key, 
                                                                           ContentAlgorithm
algorithm) {
         if (AlgorithmUtils.isAesGcm(algorithm.getJwaName())) {
             return new AesGcmContentEncryptionAlgorithm(key, null, algorithm);
         }
         return null;
     }
-    public static ContentEncryptionProvider getContentEncryptionAlgorithm(String algorithm)
{
+    public static ContentEncryptionProvider getContentEncryptionProvider(String algorithm)
{
         if (AlgorithmUtils.isAesGcm(algorithm)) {
             return new AesGcmContentEncryptionAlgorithm(getContentAlgo(algorithm));
         }
@@ -268,7 +269,7 @@ public final class JweUtils {
                                                null, new DirectKeyEncryptionAlgorithm());
         } else {
             return new JweEncryption(new DirectKeyEncryptionAlgorithm(), 
-                                 getContentEncryptionAlgorithm(key, algo));
+                                 getContentEncryptionProvider(key, algo));
         }
     }
     public static JweDecryption getDirectKeyJweDecryption(JsonWebKey key) {
@@ -305,8 +306,7 @@ public final class JweUtils {
                 m, JoseConstants.RSSEC_ENCRYPTION_INCLUDE_CERT_SHA1, false);
         
         KeyEncryptionProvider keyEncryptionProvider = null;
-        String keyEncryptionAlgo = getKeyEncryptionAlgorithm(m, props, null, null);
-        KeyAlgorithm keyAlgo = KeyAlgorithm.getAlgorithm(keyEncryptionAlgo); 
+        KeyAlgorithm keyAlgo = getKeyEncryptionAlgorithm(m, props, null, null);
         String contentEncryptionAlgo = getContentEncryptionAlgo(m, props, null);
         if (m != null) {
             m.put(JoseConstants.RSSEC_ENCRYPTION_CONTENT_ALGORITHM, contentEncryptionAlgo);
@@ -314,12 +314,13 @@ public final class JweUtils {
         ContentEncryptionProvider ctEncryptionProvider = null;
         if (JoseConstants.HEADER_JSON_WEB_KEY.equals(props.get(JoseConstants.RSSEC_KEY_STORE_TYPE)))
{
             JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, KeyOperation.ENCRYPT);
-            if ("direct".equals(keyEncryptionAlgo)) {
+            if ("direct".equals(keyAlgo.getJwaName())) {
                 contentEncryptionAlgo = getContentEncryptionAlgo(m, props, jwk.getAlgorithm());
-                ctEncryptionProvider = getContentEncryptionAlgorithm(jwk, contentEncryptionAlgo);
+                ctEncryptionProvider = getContentEncryptionProvider(jwk, contentEncryptionAlgo);
             } else {
-                keyEncryptionAlgo = getKeyEncryptionAlgorithm(m, props, jwk.getAlgorithm(),

-                                                         getDefaultKeyAlgorithm(jwk));
+                keyAlgo = getKeyEncryptionAlgorithm(m, props, 
+                                                    KeyAlgorithm.getAlgorithm(jwk.getAlgorithm()),

+                                                    getDefaultKeyAlgorithm(jwk));
                 keyEncryptionProvider = getKeyEncryptionProvider(jwk, keyAlgo);
                 
                 boolean includePublicKey = headers != null && MessageUtils.getContextualBoolean(
@@ -328,7 +329,7 @@ public final class JweUtils {
                     m, JoseConstants.RSSEC_ENCRYPTION_INCLUDE_KEY_ID, false);
                 
                 if (includeCert) {
-                    JwkUtils.includeCertChain(jwk, headers, keyEncryptionAlgo);
+                    JwkUtils.includeCertChain(jwk, headers, keyAlgo.getJwaName());
                 }
                 if (includeCertSha1) {
                     String digest = KeyManagementUtils.loadDigestAndEncodeX509Certificate(m,
props);
@@ -337,7 +338,7 @@ public final class JweUtils {
                     }
                 }
                 if (includePublicKey) {
-                    JwkUtils.includePublicKey(jwk, headers, keyEncryptionAlgo);
+                    JwkUtils.includePublicKey(jwk, headers, keyAlgo.getJwaName());
                 }
                 if (includeKeyId && jwk.getKeyId() != null && headers !=
null) {
                     headers.setKeyId(jwk.getKeyId());
@@ -387,7 +388,7 @@ public final class JweUtils {
         KeyDecryptionProvider keyDecryptionProvider = null;
         String contentEncryptionAlgo = getContentEncryptionAlgo(m, props, null);
         SecretKey ctDecryptionKey = null;
-        String keyEncryptionAlgo = getKeyEncryptionAlgorithm(m, props, null, null);
+        KeyAlgorithm keyAlgo = getKeyEncryptionAlgorithm(m, props, null, null);
         if (inHeaders != null && inHeaders.getHeader(JoseConstants.HEADER_X509_CHAIN)
!= null) {
             // Supporting loading a private key via a certificate for now
             List<X509Certificate> chain = KeyManagementUtils.toX509CertificateChain(inHeaders.getX509Chain());
@@ -418,19 +419,19 @@ public final class JweUtils {
                     throw new JweException(JweException.Error.KEY_DECRYPTION_FAILURE);
                 }
                 
-                if ("direct".equals(keyEncryptionAlgo)) {
+                if ("direct".equals(keyAlgo.getJwaName())) {
                     contentEncryptionAlgo = getContentEncryptionAlgo(m, props, jwk.getAlgorithm());
                     ctDecryptionKey = getContentDecryptionSecretKey(jwk, contentEncryptionAlgo);
                 } else {
-                    keyEncryptionAlgo = getKeyEncryptionAlgorithm(m, props, jwk.getAlgorithm(),
-                                                             getDefaultKeyAlgorithm(jwk));
-                    keyDecryptionProvider = getKeyDecryptionProvider(jwk, 
-                                                                      KeyAlgorithm.getAlgorithm(keyEncryptionAlgo));
+                    keyAlgo = getKeyEncryptionAlgorithm(m, props, 
+                                                        KeyAlgorithm.getAlgorithm(jwk.getAlgorithm()),
+                                                        getDefaultKeyAlgorithm(jwk));
+                    keyDecryptionProvider = getKeyDecryptionProvider(jwk, keyAlgo);
                 }
             } else {
                 keyDecryptionProvider = getPrivateKeyDecryptionProvider(
                     KeyManagementUtils.loadPrivateKey(m, props, KeyOperation.DECRYPT), 
-                    KeyAlgorithm.getAlgorithm(keyEncryptionAlgo));
+                    keyAlgo);
             }
         }
         return createJweDecryptionProvider(keyDecryptionProvider, ctDecryptionKey, 
@@ -485,7 +486,7 @@ public final class JweUtils {
             return new AesCbcHmacJweEncryption(getContentAlgo(contentEncryptionAlgo), keyEncryptionProvider);
         } else {
             return new JweEncryption(keyEncryptionProvider,
-                                     getContentEncryptionAlgorithm(contentEncryptionAlgo));
+                                     getContentEncryptionProvider(contentEncryptionAlgo));
         }
     }
     public static JweDecryptionProvider createJweDecryptionProvider(PrivateKey key,
@@ -651,11 +652,11 @@ public final class JweUtils {
         }
     }
     @SuppressWarnings("deprecation")
-    public static String getKeyEncryptionAlgorithm(Message m, Properties props, 
-                                               String algo, String defaultAlgo) {
+    public static KeyAlgorithm getKeyEncryptionAlgorithm(Message m, Properties props, 
+                                                   KeyAlgorithm algo, KeyAlgorithm defaultAlgo)
{
         if (algo == null) {
             if (defaultAlgo == null) {
-                defaultAlgo = AlgorithmUtils.RSA_OAEP_ALGO;
+                defaultAlgo = KeyAlgorithm.RSA_OAEP;
             }
             
             // Check for deprecated identifier first
@@ -667,7 +668,7 @@ public final class JweUtils {
                 encAlgo = (String)m.getContextualProperty(JoseConstants.DEPR_RSSEC_ENCRYPTION_KEY_ALGORITHM);
             }
             if (encAlgo != null) {
-                return encAlgo;
+                return KeyAlgorithm.getAlgorithm(encAlgo);
             }
             
             // Otherwise check newer identifier
@@ -677,18 +678,19 @@ public final class JweUtils {
         }
         return algo;
     }
-    public static String getKeyEncryptionAlgorithm(Properties props, String defaultAlgo)
{
-        return KeyManagementUtils.getKeyAlgorithm(PhaseInterceptorChain.getCurrentMessage(),

+    public static KeyAlgorithm getKeyEncryptionAlgorithm(Properties props, KeyAlgorithm defaultAlgo)
{
+        String algo = KeyManagementUtils.getKeyAlgorithm(PhaseInterceptorChain.getCurrentMessage(),

                                                   props, 
                                                   JoseConstants.RSSEC_ENCRYPTION_KEY_ALGORITHM,

-                                                  defaultAlgo);
+                                                  defaultAlgo == null ? null : defaultAlgo.getJwaName());
+        return algo == null ? null : KeyAlgorithm.getAlgorithm(algo);
     }
-    private static String getDefaultKeyAlgorithm(JsonWebKey jwk) {
+    private static KeyAlgorithm getDefaultKeyAlgorithm(JsonWebKey jwk) {
         KeyType keyType = jwk.getKeyType();
         if (KeyType.OCTET == keyType) {
-            return AlgorithmUtils.A128GCMKW_ALGO;
+            return KeyAlgorithm.A128GCMKW;
         } else {
-            return AlgorithmUtils.RSA_OAEP_ALGO;
+            return KeyAlgorithm.RSA_OAEP;
         }
     }
     @SuppressWarnings("deprecation")

http://git-wip-us.apache.org/repos/asf/cxf/blob/dd598c49/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java
b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java
index 86c1425..67d7105 100644
--- a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java
+++ b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java
@@ -282,7 +282,7 @@ public class JweJsonProducerTest extends Assert {
         KeyEncryptionProvider keyEncryption1 = 
             JweUtils.getSecretKeyEncryptionAlgorithm(wrapperKey1, KeyAlgorithm.A128KW);
         ContentEncryptionProvider contentEncryption = 
-            JweUtils.getContentEncryptionAlgorithm(AlgorithmUtils.A128GCM_ALGO);
+            JweUtils.getContentEncryptionProvider(AlgorithmUtils.A128GCM_ALGO);
         JweEncryptionProvider jwe1 = new JweEncryption(keyEncryption1, contentEncryption);
         KeyEncryptionProvider keyEncryption2 = 
             JweUtils.getSecretKeyEncryptionAlgorithm(wrapperKey2, KeyAlgorithm.A128KW);


Mime
View raw message