cxf-commits mailing list archives

From build...@apache.org
Subject svn commit: r988536 - in /websites/production/cxf/content: cache/docs.pageCache docs/jax-rs-jose.html
Date Wed, 18 May 2016 14:47:38 GMT
Author: buildbot
Date: Wed May 18 14:47:37 2016
New Revision: 988536

Log:
Production update by buildbot for cxf

Modified:
    websites/production/cxf/content/cache/docs.pageCache
    websites/production/cxf/content/docs/jax-rs-jose.html

Modified: websites/production/cxf/content/cache/docs.pageCache
==============================================================================
Binary files - no diff available.

Modified: websites/production/cxf/content/docs/jax-rs-jose.html
==============================================================================
--- websites/production/cxf/content/docs/jax-rs-jose.html (original)
+++ websites/production/cxf/content/docs/jax-rs-jose.html Wed May 18 14:47:37 2016
@@ -119,11 +119,11 @@ Apache CXF -- JAX-RS JOSE
            <!-- Content -->
            <div class="wiki-content">
 <div id="ConfluenceContent"><p>&#160;</p><p>&#160;</p><p><style
type="text/css">/*<![CDATA[*/
-div.rbtoc1463579220959 {padding: 0px;}
-div.rbtoc1463579220959 ul {list-style: disc;margin-left: 0px;}
-div.rbtoc1463579220959 li {margin-left: 0px;padding-left: 0px;}
+div.rbtoc1463582822610 {padding: 0px;}
+div.rbtoc1463582822610 ul {list-style: disc;margin-left: 0px;}
+div.rbtoc1463582822610 li {margin-left: 0px;padding-left: 0px;}
 
-/*]]>*/</style></p><div class="toc-macro rbtoc1463579220959">
+/*]]>*/</style></p><div class="toc-macro rbtoc1463582822610">
 <ul class="toc-indentation"><li><a shape="rect" href="#JAX-RSJOSE-Introduction">Introduction</a></li><li><a
shape="rect" href="#JAX-RSJOSE-MavenDependencies">Maven Dependencies</a></li><li><a
shape="rect" href="#JAX-RSJOSE-JOSEOverviewandImplementation">JOSE Overview and Implementation</a>
 <ul class="toc-indentation"><li><a shape="rect" href="#JAX-RSJOSE-JWAAlgorithms">JWA
Algorithms</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWKKeys">JWK
Keys</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWSSignature">JWS
Signature</a>
 <ul class="toc-indentation"><li><a shape="rect" href="#JAX-RSJOSE-SignatureandVerificationProviders">Signature
and Verification Providers</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWSCompact">JWS
Compact</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWSJSON">JWS
JSON</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWSwithClearPayload">JWS
with Clear Payload</a></li></ul>
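Review bot: the only difference in this hunk is the numeric suffix of the TOC class, rbtoc1463579220959 becoming rbtoc1463582822610 in the three CSS rules and on the toc-macro div, which looks like a value regenerated on each export rather than a content change. If so, the same four lines will change in every production update and bury the real edits to jax-rs-jose.html. Consider emitting a stable class name for the TOC macro, or filtering these lines out of the commit mail.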
@@ -201,7 +201,7 @@ JwtToken token = jws.getJwtToken();
 JoseHeaders headers = token.getHeaders();
 assertEquals(SignatureAlgorithm.HS256, headers.getAlgorithm());
 validateClaims(token.getClaims());</pre>
-</div></div><h3 id="JAX-RSJOSE-JWSJSON">JWS JSON</h3><h3 id="JAX-RSJOSE-JWSwithClearPayload">JWS
with Clear Payload</h3><h2 id="JAX-RSJOSE-JWEEncryption">JWE Encryption</h2><p><a
shape="rect" class="external-link" href="https://tools.ietf.org/html/rfc7516" rel="nofollow">JWE</a>
(JSON Web Encryption) document describes how a document content, and, when applicable, a content
encryption key, can be encrypted. For example, <a shape="rect" class="external-link" href="https://tools.ietf.org/html/rfc7516#appendix-A.1"
rel="nofollow">Appendix A1</a> shows how the content can be encrypted with a secret
key using AesGcm with the actual content encryption key being encrypted using RSA-OAEP.</p><p>CXF
ships JWE related classes in <a shape="rect" class="external-link" href="https://github.com/apache/cxf/tree/master/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe"
rel="nofollow">this package</a> and offers a support for all of JWA <a shape="rect"
class="external
 -link" href="https://tools.ietf.org/html/rfc7518#section-4" rel="nofollow">key encryption</a>
and <a shape="rect" class="external-link" href="https://tools.ietf.org/html/rfc7518#section-5"
rel="nofollow">content encryption</a> algorithms.</p><h3 id="JAX-RSJOSE-KeyandContentEncryptionProviders">Key
and Content Encryption Providers</h3><p>JWE Encryption process typically involves
a content-encryption key being generated with this key being subsequently encrypted/wrapped
with a key known to the consumer. Thus CXF offers the providers for supporting the key-encryption
algorithms and providers for supporting the content-encryption algorithms. Direct key encryption
(where the content-encryption key is established out of band) is also supported.</p><p><a
shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/KeyEncryptionProvider.java"
rel="nofollow">KeyEncryptionProvider</a> suppo
 rts encrypting a content-encryption key, <a shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/KeyDecryptionProvider.java"
rel="nofollow">KeyDecryptionProvider</a> - decrypting it.</p><p>The following
table shows the key encryption algorithms and the corresponding providers:</p><p>RSAKeyEncryptionAlgorithm</p><div
class="table-wrap"><table class="confluenceTable"><tbody><tr><td colspan="1"
rowspan="1" class="confluenceTd">&#160;</td><td colspan="1" rowspan="1" class="confluenceTd"><strong>KeyEncryptionProvider</strong></td><td
colspan="1" rowspan="1" class="confluenceTd"><strong>KeyDecryptionProvider</strong></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><a shape="rect" class="external-link" href="https://tools.ietf.org/html/rfc7518#section-4.2"
rel="nofollow">RSAES-PKCS1-v1_5</a></td><td colspan="1" rowspan="1" class="confluenceTd"><pre>RSAKeyEncryptionA
 lgorithm</pre></td><td colspan="1" rowspan="1" class="confluenceTd"><pre>RSAKeyDecryptionAlgorithm</pre></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><a shape="rect" class="external-link" href="https://tools.ietf.org/html/rfc7518#section-4.3"
rel="nofollow">RSAES OAEP</a></td><td colspan="1" rowspan="1" class="confluenceTd">RSAKeyEncryptionAlgorithm</td><td
colspan="1" rowspan="1" class="confluenceTd">RSAKeyDecryptionAlgorithm</td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><a shape="rect" class="external-link" href="https://tools.ietf.org/html/rfc7518#section-4.4"
rel="nofollow">AES Key Wrap</a></td><td colspan="1" rowspan="1" class="confluenceTd">EcDsaJwsSignatureProvider</td><td
colspan="1" rowspan="1" class="confluenceTd">EcDsaJwsSignatureVerifier</td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><a shape="rect" class="external-link" href="https://tools.ietf.org/html/rfc7518#section-3.5"
rel="nofollow">RSASSA-PSS</a></td><td colspan="1"
  rowspan="1" class="confluenceTd">PrivateKeyJwsSignatureProvider</td><td colspan="1"
rowspan="1" class="confluenceTd">PublicKeyJwsSignatureVerifier</td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><a shape="rect" class="external-link" href="https://tools.ietf.org/html/rfc7518#section-3.6"
rel="nofollow">None</a></td><td colspan="1" rowspan="1" class="confluenceTd">NoneJwsSignatureProvider</td><td
colspan="1" rowspan="1" class="confluenceTd">NoneJwsSignatureVerifier</td></tr></tbody></table></div><p>Either
of these providers can be initialized with the keys loaded from JWK or JCA stores or from
the in-memory representations.</p><h3 id="JAX-RSJOSE-JWECompact">JWE Compact</h3><p><a
shape="rect" class="external-link" href="https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionProvider.java;h=615212b1622abb1c0a8b06a3b5498d8b6199d0cc;hb=HEAD">JweEncryptionProvider</a>
supports encrypting t
 he content, <a shape="rect" class="external-link" href="https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweDecryptionProvider.java;h=1f4861a2d78df5514ff74c40330c1a5f5933f47d;hb=HEAD">JweDecryptionProvider</a>
- decrypting the content. Encryptors and Decryptors for all of JWE algorithms are shipped.</p><p>Here
is the example of doing AES CBC HMAC and AES Key Wrap in CXF:</p><div class="code
panel pdl" style="border-width: 1px;"><div class="codeHeader panelHeader pdl" style="border-bottom-width:
1px;"><b>CXF Jwe AesWrapAesCbcHMac</b></div><div class="codeContent
panelContent pdl">
+</div></div><h3 id="JAX-RSJOSE-JWSJSON">JWS JSON</h3><h3 id="JAX-RSJOSE-JWSwithClearPayload">JWS
with Clear Payload</h3><h2 id="JAX-RSJOSE-JWEEncryption">JWE Encryption</h2><p><a
shape="rect" class="external-link" href="https://tools.ietf.org/html/rfc7516" rel="nofollow">JWE</a>
(JSON Web Encryption) document describes how a document content, and, when applicable, a content
encryption key, can be encrypted. For example, <a shape="rect" class="external-link" href="https://tools.ietf.org/html/rfc7516#appendix-A.1"
rel="nofollow">Appendix A1</a> shows how the content can be encrypted with a secret
key using AesGcm with the actual content encryption key being encrypted using RSA-OAEP.</p><p>CXF
ships JWE related classes in <a shape="rect" class="external-link" href="https://github.com/apache/cxf/tree/master/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe"
rel="nofollow">this package</a> and offers a support for all of JWA <a shape="rect"
class="external
 -link" href="https://tools.ietf.org/html/rfc7518#section-4" rel="nofollow">key encryption</a>
and <a shape="rect" class="external-link" href="https://tools.ietf.org/html/rfc7518#section-5"
rel="nofollow">content encryption</a> algorithms.</p><h3 id="JAX-RSJOSE-KeyandContentEncryptionProviders">Key
and Content Encryption Providers</h3><p>JWE Encryption process typically involves
a content-encryption key being generated with this key being subsequently encrypted/wrapped
with a key known to the consumer. Thus CXF offers the providers for supporting the key-encryption
algorithms and providers for supporting the content-encryption algorithms. Direct key encryption
(where the content-encryption key is established out of band) is also supported.</p><p><a
shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/KeyEncryptionProvider.java"
rel="nofollow">KeyEncryptionProvider</a> suppo
 rts encrypting a content-encryption key, <a shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/KeyDecryptionProvider.java"
rel="nofollow">KeyDecryptionProvider</a> - decrypting it.</p><p>The following
table shows the key encryption algorithms and the corresponding providers:</p><div
class="table-wrap"><table class="confluenceTable"><tbody><tr><td colspan="1"
rowspan="1" class="confluenceTd">&#160;</td><td colspan="1" rowspan="1" class="confluenceTd"><strong>KeyEncryptionProvider</strong></td><td
colspan="1" rowspan="1" class="confluenceTd"><strong>KeyDecryptionProvider</strong></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><a shape="rect" class="external-link" href="https://tools.ietf.org/html/rfc7518#section-4.2"
rel="nofollow">RSAES-PKCS1-v1_5</a></td><td colspan="1" rowspan="1" class="confluenceTd"><pre>RSAKeyEncryptionAlgorithm</pre></td><td
colspan="
 1" rowspan="1" class="confluenceTd"><pre>RSAKeyDecryptionAlgorithm</pre></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><a shape="rect" class="external-link" href="https://tools.ietf.org/html/rfc7518#section-4.3"
rel="nofollow">RSAES OAEP</a></td><td colspan="1" rowspan="1" class="confluenceTd">RSAKeyEncryptionAlgorithm</td><td
colspan="1" rowspan="1" class="confluenceTd">RSAKeyDecryptionAlgorithm</td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><a shape="rect" class="external-link" href="https://tools.ietf.org/html/rfc7518#section-4.4"
rel="nofollow">AES Key Wrap</a></td><td colspan="1" rowspan="1" class="confluenceTd">AesKeyWrapEncryptionAlgorithm</td><td
colspan="1" rowspan="1" class="confluenceTd">AesKeyWrapDecryptionAlgorithm</td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><a shape="rect" class="external-link" href="https://tools.ietf.org/html/rfc7518#section-4.5"
rel="nofollow">Direct</a></td><td colspan="1" rowspan="1" class="confluen
 ceTd">DirectKeyEncryptionAlgorithm</td><td colspan="1" rowspan="1" class="confluenceTd">DirectKeyDecryptionAlgorithm</td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><a shape="rect" class="external-link" href="https://tools.ietf.org/html/rfc7518#page-15"
rel="nofollow">ECDH-ES Wrap</a></td><td colspan="1" rowspan="1" class="confluenceTd">EcdhAesWrapKeyEncryptionAlgorithm</td><td
colspan="1" rowspan="1" class="confluenceTd">EcdhAesWrapKeyDecryptionAlgorithm</td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><a shape="rect" class="external-link" href="https://tools.ietf.org/html/rfc7518#page-15"
rel="nofollow">ECDH-ES Direct</a></td><td colspan="1" rowspan="1" class="confluenceTd"><span
class="pl-en">EcdhDirectKeyJweEncryption</span></td><td colspan="1" rowspan="1"
class="confluenceTd"><span class="pl-en">EcdhDirectKeyJweDecryption</span></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><a shape="rect" class="external-link" href="https://tools.ietf
 .org/html/rfc7518#section-4.7" rel="nofollow">AES-GCM</a></td><td colspan="1"
rowspan="1" class="confluenceTd">AesGcmWrapKeyEncryptionAlgorithm</td><td colspan="1"
rowspan="1" class="confluenceTd">AesGcmWrapKeyDecryptionAlgorithm</td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><a shape="rect" class="external-link" href="https://tools.ietf.org/html/rfc7518#section-4.8"
rel="nofollow">PBES2</a></td><td colspan="1" rowspan="1" class="confluenceTd"><span
class="separator">&#160;</span>PbesHmacAesWrapKeyEncryptionAlgorithm</td><td
colspan="1" rowspan="1" class="confluenceTd"><span class="separator">&#160;</span>PbesHmacAesWrapKeyDecryptionAlgorithm</td></tr></tbody></table></div><p>&#160;</p><p><a
shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionProvider.java"
rel="nofollow">ContentEncryptionProvider</a> supports encrypting a generated content
 -encryption key, <a shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentDecryptionProvider.java"
rel="nofollow">ContentDecryptionProvider</a> - decrypting it.</p><p>The
following table shows the content encryption algorithms and the corresponding providers:</p><div
class="table-wrap"><table class="confluenceTable"><tbody><tr><td colspan="1"
rowspan="1" class="confluenceTd">&#160;</td><td colspan="1" rowspan="1" class="confluenceTd"><strong>ContentEncryptionProvider</strong></td><td
colspan="1" rowspan="1" class="confluenceTd"><strong>ContentDecryptionProvider</strong></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><a shape="rect" class="external-link" href="https://tools.ietf.org/html/rfc7518#section-5.2"
rel="nofollow">AES_CBC_HMAC_SHA2</a></td><td colspan="1" rowspan="1" class="confluenceTd"><pre>AesCbcHmacJweEncryption</pre></td><td
colspan="1" ro
 wspan="1" class="confluenceTd"><pre>AesCbcHmacJweDecryption</pre></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><a shape="rect" class="external-link" href="https://tools.ietf.org/html/rfc7518#section-5.3"
rel="nofollow">AES-GCM</a></td><td colspan="1" rowspan="1" class="confluenceTd">AesGcmContentEncryptionAlgorithm</td><td
colspan="1" rowspan="1" class="confluenceTd">AesGcmContentDecryptionAlgorithm</td></tr></tbody></table></div><p>All
of the above providers can be initialized with the keys loaded from JWK or JCA stores or from
the in-memory representations.</p><h3 id="JAX-RSJOSE-JWECompact">JWE Compact</h3><p><a
shape="rect" class="external-link" href="https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionProvider.java;h=615212b1622abb1c0a8b06a3b5498d8b6199d0cc;hb=HEAD">JweEncryptionProvider</a>
supports encrypting the content, <a shape="rect" class="external-link" href="https:
 //git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweDecryptionProvider.java;h=1f4861a2d78df5514ff74c40330c1a5f5933f47d;hb=HEAD">JweDecryptionProvider</a>
- decrypting the content. Encryptors and Decryptors for all of JWE algorithms are shipped.</p><p>Here
is the example of doing AES CBC HMAC and AES Key Wrap in CXF:</p><div class="code
panel pdl" style="border-width: 1px;"><div class="codeHeader panelHeader pdl" style="border-bottom-width:
1px;"><b>CXF Jwe AesWrapAesCbcHMac</b></div><div class="codeContent
panelContent pdl">
 <pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">final
String specPlainText = "Live long and prosper.";
         
 byte[] cekEncryptionKey = Base64UrlUtility.decode(KEY_ENCRYPTION_KEY_A3);
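Review bot: in the added paragraph before the content encryption table, "ContentEncryptionProvider supports encrypting a generated content-encryption key, ContentDecryptionProvider - decrypting it" repeats the wording used for KeyEncryptionProvider earlier in the same hunk, yet the table it introduces lists content encryption algorithms (AES_CBC_HMAC_SHA2, AES-GCM). Please confirm the intended meaning and reword it so readers can tell the key-wrapping step from the content-encryption step. The replaced key encryption table now lists key encryption classes instead of the JWS signature providers it had before, which is the right fix, but a few entries still look unfinished: the ECDH-ES Direct row carries leftover span class="pl-en" markup and names EcdhDirectKeyJweEncryption / EcdhDirectKeyJweDecryption under the KeyEncryptionProvider / KeyDecryptionProvider columns, and AesCbcHmacJweEncryption / AesCbcHmacJweDecryption likewise sit under ContentEncryptionProvider / ContentDecryptionProvider, so say whether these are JWE-level providers. RSAES-PKCS1-v1_5 and RSAES OAEP both map to RSAKeyEncryptionAlgorithm with no note on how the algorithm is selected; a sentence on that would help readers pick OAEP deliberately. The two ECDH-ES links point at rfc7518#page-15 rather than a section anchor like the other rows, and the JWE Compact links still use the git-wip-us URLs under rt/rs/security/jose/ while the rest of the hunk links to GitHub under jose-parent/jose.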


