cxf-commits mailing list archives

Subject svn commit: r993130 - in /websites/production/cxf/content: cache/docs.pageCache docs/jax-rs-jose.html
Date Tue, 19 Jul 2016 12:47:57 GMT
Author: buildbot
Date: Tue Jul 19 12:47:56 2016
New Revision: 993130

Production update by buildbot for cxf


Modified: websites/production/cxf/content/cache/docs.pageCache
Binary files - no diff available.

Modified: websites/production/cxf/content/docs/jax-rs-jose.html
--- websites/production/cxf/content/docs/jax-rs-jose.html (original)
+++ websites/production/cxf/content/docs/jax-rs-jose.html Tue Jul 19 12:47:56 2016
@@ -119,11 +119,11 @@ Apache CXF -- JAX-RS JOSE
            <!-- Content -->
            <div class="wiki-content">
 <div id="ConfluenceContent"><p>&#160;</p><p>&#160;</p><p><style
-div.rbtoc1466610419696 {padding: 0px;}
-div.rbtoc1466610419696 ul {list-style: disc;margin-left: 0px;}
-div.rbtoc1466610419696 li {margin-left: 0px;padding-left: 0px;}
+div.rbtoc1468932436528 {padding: 0px;}
+div.rbtoc1468932436528 ul {list-style: disc;margin-left: 0px;}
+div.rbtoc1468932436528 li {margin-left: 0px;padding-left: 0px;}
-/*]]>*/</style></p><div class="toc-macro rbtoc1466610419696">
+/*]]>*/</style></p><div class="toc-macro rbtoc1468932436528">
 <ul class="toc-indentation"><li><a shape="rect" href="#JAX-RSJOSE-Introduction">Introduction</a></li><li><a
shape="rect" href="#JAX-RSJOSE-MavenDependencies">Maven Dependencies</a></li><li><a
shape="rect" href="#JAX-RSJOSE-JavaandJCEPolicy">Java and JCE Policy&#160;</a></li><li><a
shape="rect" href="#JAX-RSJOSE-JOSEOverviewandImplementation">JOSE Overview and Implementation</a>
 <ul class="toc-indentation"><li><a shape="rect" href="#JAX-RSJOSE-JWAAlgorithms">JWA
Algorithms</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWKKeys">JWK
Keys</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWSSignature">JWS
 <ul class="toc-indentation"><li><a shape="rect" href="#JAX-RSJOSE-SignatureandVerificationProviders">Signature
and Verification Providers</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWSCompact">JWS
Compact</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWSJSON">JWS
JSON</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWSwithDetachedContent">JWS
with Detached Content</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWSwithUnencodedPayload">JWS
with Unencoded Payload</a></li></ul>
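Review bot: Every changed line in this hunk is the generated TOC class name (rbtoc1466610419696 becoming rbtoc1468932436528) in the three style rules and the toc-macro div, so the hunk carries no documentation change. If the export can emit a stable class name for the TOC macro, site commits like this one would show only the edits that need review.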
@@ -329,29 +329,46 @@ JweEncryptionProvider jweEnc1 = new JweE
 KeyEncryptionProvider keyEncryption2 = JweUtils.getSecretKeyEncryptionAlgorithm(wrapperKey2,
 JweEncryptionProvider jweEnc2 = new JweEncryption(keyEncryption2, contentEncryption);
-List&lt;JweEncryptionProvider&gt; jweList = new LinkedList&lt;JweEncryptionProvider&gt;();
+List&lt;JweEncryptionProvider&gt; jweProviders = new LinkedList&lt;JweEncryptionProvider&gt;();
+List&lt;JweHeaders&gt; perRecipientHeades = new LinkedList&lt;JweHeaders&gt;();
+perRecipientHeades.add(new JweHeaders("key1"));
+perRecipientHeades.add(new JweHeaders("key2"));
 JweJsonProducer p = new JweJsonProducer(protectedHeaders,
-                                        false);
-String jweJsonOut = p.encryptWith(jweList);
+                                        false) {
+                         protected JweEncryptionInput createEncryptionInput(JweHeaders jsonHeaders)
+                           JweEncryptionInput input = super.createEncryptionInput(jsonHeaders);
+                           input.setCek(CEK_BYTES);
+                           input.setIv(JweCompactReaderWriterTest.INIT_VECTOR_A1);
+                           return input;
+                         }
+                    } 
+String jweJsonOut = p.encryptWith(jweProviders, perRecipientHeades);
+JweJsonConsumer consumer = new JweJsonConsumer(jweJsonOut);
+KeyAlgorithm keyAlgo = consumer.getSharedUnprotectedHeader().getKeyEncryptionAlgorithm();
+ContentAlgorithm ctAlgo = consumer.getProtectedHeader().getContentEncryptionAlgorithm();
+// first recipient:
+JweDecryptionProvider jwe1 = JweUtils.createJweDecryptionProvider(wrapperKey1, keyAlgo, ctAlgo);
-// first consumer:
-JweDecryptionProvider jweDecrypt = JweUtils.createJweDecryptionProvider(wrapperKey1, 
-                                                                 KeyAlgorithm.A128KW, 
-                                                                 ContentAlgorithm.A128GCM);
-JweJsonConsumer c = new JweJsonConsumer(jweJsonOut);
 // the consumer will iterate over JWE entries and will try to find the one which can be decrypted
with this decryptor
-// which is always precise if only a single receipient entry is available
 // or do consumer.getRecipientsMap() returning a list of entries and their metadata to do
a more precise selection.
-String content = consumer.decryptWith(jweDecrypt).getContent();
+String content = consumer.decryptWith(jwe1, Collections.singletonMap("kid", "key1")).getContent();
+// second recipient:
+JweDecryptionProvider jwe2 = JweUtils.createJweDecryptionProvider(wrapperKey2, keyAlgo, ctAlgo);
+content = consumer.decryptWith(jwe2, Collections.singletonMap("kid", "key1")).getContent();
 </div></div><p>If the sequence contains a single recipient entry only then
the JWE JSON 'recipients' array will contain a single entry, or the whole sequence can be
<a shape="rect" class="external-link" href=""
rel="nofollow">flattened</a> instead with the actual 'recipients' array dropped.
JweJsonProducer &#160;does not produce the flattened sequence when only a single encryption
is done by default because 3rd party JWE JSON consumers may only be able to process the sequences
with the 'recipients' array, so pass a 'canBeFlat' flag to JwEJsonProducer if needed</p><p>Does
it make sense to use JWE JSON if you do not plan to do multiple encryptions ? Most likely
you will prefer JWE Compact if only a single recipient is targeted.</p><h2 id="JAX-RSJOSE-JSONWebToken">JSON
Web Token</h2><p><a shape="rect" class="external-link" href=""
rel="nofollow">JWT</a> (JSON Web Token) is a collection of claims in JSON 
 format. It is simply a regular JSON document where each top elevel property is called a 'claim'.</p><p>JWT
can be JWS signed and/or JWE encrypted like any other data structure.</p><p>JWT
is mainly used in OAuth2 and OIDC applications to represent self-contained OAuth2 access tokens,
OIDC IdToken, UserInfo, but can also be used in other contexts. For example, see the section
below on linking JWT authentication tokens to JWS or JWE secured payloads.</p><p>CXF
offers a JWT support in <a shape="rect" class="external-link" href=""
rel="nofollow">this package</a>. Typically one would create a set of claims and submit
them to JWS/JWE JWT processors, for example, see a JWS section above.</p><h2 id="JAX-RSJOSE-JWSandJWECombined">JWS
and JWE Combined</h2><p>If you have a requirement to sign the data and then encrypt
the signed payload then it can be easily achieved by sel
 ecting a required JWS Producer and creating a JWS Compact sequence, and next submitting this
sequence to a JWE producer, and processing it all in the reverse sequence</p><h1
id="JAX-RSJOSE-JOSEJAX-RSFilters">JOSE JAX-RS Filters</h1><p>&#160;</p><p>While
working directly with JWS and JWE providers may be needed in the application code, JAX-RS
users writing the code like this:</p><div class="code panel pdl" style="border-width:
1px;"><div class="codeHeader panelHeader pdl" style="border-bottom-width: 1px;"><b>Typical
JAX-RS code</b></div><div class="codeContent panelContent pdl">
 <pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">@Path("/bookstore")
 public class BookStore {
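Review bot: The anonymous JweJsonProducer subclass in the multi-recipient sample overrides createEncryptionInput to call input.setCek(CEK_BYTES) and input.setIv(JweCompactReaderWriterTest.INIT_VECTOR_A1), which pins the content encryption key and IV to constants, one of them taken from a test class, in user-facing documentation. The removed lines used ContentAlgorithm.A128GCM, and repeating a key and IV pair across messages under GCM breaks both confidentiality and integrity, so a reader who copies the sample inherits that. Suggest dropping the override from the documented sample, as the removed lines had it, or marking it clearly as test-only. Also in this hunk: the second recipient decrypts with jwe2 but still passes Collections.singletonMap("kid", "key1"), which presumably should be "key2" to match the second JweHeaders entry; perRecipientHeades is misspelled; and the anonymous class closes with } and no terminating semicolon before String jweJsonOut.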
