cxf-commits mailing list archives

From build...@apache.org
Subject svn commit: r994458 - in /websites/production/cxf/content: cache/docs.pageCache docs/jax-rs-jose.html
Date Thu, 04 Aug 2016 12:47:45 GMT
Author: buildbot
Date: Thu Aug  4 12:47:45 2016
New Revision: 994458

Log:
Production update by buildbot for cxf

Modified:
    websites/production/cxf/content/cache/docs.pageCache
    websites/production/cxf/content/docs/jax-rs-jose.html

Modified: websites/production/cxf/content/cache/docs.pageCache
==============================================================================
Binary files - no diff available.

Modified: websites/production/cxf/content/docs/jax-rs-jose.html
==============================================================================
--- websites/production/cxf/content/docs/jax-rs-jose.html (original)
+++ websites/production/cxf/content/docs/jax-rs-jose.html Thu Aug  4 12:47:45 2016
@@ -119,11 +119,11 @@ Apache CXF -- JAX-RS JOSE
            <!-- Content -->
            <div class="wiki-content">
 <div id="ConfluenceContent"><p>&#160;</p><p>&#160;</p><p><style
type="text/css">/*<![CDATA[*/
-div.rbtoc1469047623884 {padding: 0px;}
-div.rbtoc1469047623884 ul {list-style: disc;margin-left: 0px;}
-div.rbtoc1469047623884 li {margin-left: 0px;padding-left: 0px;}
+div.rbtoc1470314825562 {padding: 0px;}
+div.rbtoc1470314825562 ul {list-style: disc;margin-left: 0px;}
+div.rbtoc1470314825562 li {margin-left: 0px;padding-left: 0px;}
 
-/*]]>*/</style></p><div class="toc-macro rbtoc1469047623884">
+/*]]>*/</style></p><div class="toc-macro rbtoc1470314825562">
 <ul class="toc-indentation"><li><a shape="rect" href="#JAX-RSJOSE-Introduction">Introduction</a></li><li><a
shape="rect" href="#JAX-RSJOSE-MavenDependencies">Maven Dependencies</a></li><li><a
shape="rect" href="#JAX-RSJOSE-JavaandJCEPolicy">Java and JCE Policy&#160;</a></li><li><a
shape="rect" href="#JAX-RSJOSE-JOSEOverviewandImplementation">JOSE Overview and Implementation</a>
 <ul class="toc-indentation"><li><a shape="rect" href="#JAX-RSJOSE-JWAAlgorithms">JWA
Algorithms</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWKKeys">JWK
Keys</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWSSignature">JWS
Signature</a>
 <ul class="toc-indentation"><li><a shape="rect" href="#JAX-RSJOSE-SignatureandVerificationProviders">Signature
and Verification Providers</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWSCompact">JWS
Compact</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWSJSON">JWS
JSON</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWSwithDetachedContent">JWS
with Detached Content</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWSwithUnencodedPayload">JWS
with Unencoded Payload</a></li></ul>
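
Review bot: the only change in this hunk is the `rbtoc` class suffix in the style block and on the `toc-macro` div (rbtoc1469047623884 becomes rbtoc1470314825562), which looks like a value regenerated on each export rather than a content change. If the exporter can emit a stable class name here, production updates would stop touching these lines when the page text has not changed, and the real content changes further down in this file would be easier to pick out in review.
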
@@ -313,28 +313,42 @@ String decryptedText = decryption.decryp
 assertEquals(content, decryptedText);</pre>
 </div></div><h3 id="JAX-RSJOSE-JWEJSON">JWE JSON</h3><p>While
JWE Compact is optimized and represents a concatenation of 5 Base64URL values, JWE JSON is
an open JSON container, see <a shape="rect" class="external-link" href="https://tools.ietf.org/html/rfc7516#appendix-A.4"
rel="nofollow">Appendix A4</a>.</p><p>The most interesting feature of
JWE JSON is that allows a content be encrypted by multiple key encryption keys, with te resulting
sequence targeted at multiple recipients. For example,&#160; the immediate consumer will
decrypt the content with its own key decryption key, forward the payload to the next consumer,
etc. &#160;</p><p><a shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducer.java"
rel="nofollow">JweJsonProducer</a> and <a shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose/src/m
 ain/java/org/apache/cxf/rs/security/jose/jwe/JweJsonConsumer.java" rel="nofollow">JweJsonConsumer</a>
support producing and consuming JWS JSON sequences.</p><p>Here is the code example:</p><div
class="code panel pdl" style="border-width: 1px;"><div class="codeHeader panelHeader
pdl" style="border-bottom-width: 1px;"><b>CXF JweJson</b></div><div
class="codeContent panelContent pdl">
 <pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">final
String text = "The true sign of intelligence is not knowledge but imagination.";
+// Create the secret keys for encrypting the content encryption key:
 SecretKey wrapperKey1 = CryptoUtils.createSecretKeySpec(WRAPPER_BYTES1, "AES");
 SecretKey wrapperKey2 = CryptoUtils.createSecretKeySpec(WRAPPER_BYTES2, "AES");
-        
-JweHeaders protectedHeaders = new JweHeaders(ContentAlgorithm.A128GCM);
-JweHeaders sharedUnprotectedHeaders = new JweHeaders();
-sharedUnprotectedHeaders.setJsonWebKeysUrl("https://server.example.com/keys.jwks");
-sharedUnprotectedHeaders.setKeyEncryptionAlgorithm(KeyAlgorithm.A128KW);
-        
-ContentEncryptionProvider contentEncryption = new AesGcmContentEncryptionAlgorithm(CEK_BYTES,
ContentAlgorithm.A128GCM);
-// if a single recipient then this line is enough:
-// JweUtils.getContentEncryptionProvider(ContentAlgorithm.A128GCM);
-        
-KeyEncryptionProvider keyEncryption1 = JweUtils.getSecretKeyEncryptionAlgorithm(wrapperKey1,
KeyAlgorithm.A128KW);
-JweEncryptionProvider jweEnc1 = new JweEncryption(keyEncryption1, contentEncryption);
 
+// Create KeyEncryptionProviders initialized with these secret keys: 
+KeyEncryptionProvider keyEncryption1 = JweUtils.getSecretKeyEncryptionAlgorithm(wrapperKey1,
KeyAlgorithm.A128KW);
 KeyEncryptionProvider keyEncryption2 = JweUtils.getSecretKeyEncryptionAlgorithm(wrapperKey2,
KeyAlgorithm.A128KW);
-JweEncryptionProvider jweEnc2 = new JweEncryption(keyEncryption2, contentEncryption);
 
+// Create ContentEncryptionProvider:
+ContentEncryptionProvider contentEncryption = new AesGcmContentEncryptionAlgorithm(CEK_BYTES,
ContentAlgorithm.A128GCM);
+// If a single recipient then this line is enough:
+//ContentEncryptionProvider contentEncryption = JweUtils.getContentEncryptionProvider(ContentAlgorithm.A128GCM);
+
+// Prepare JweEncryptionProviders, one per each recipient.
 List&lt;JweEncryptionProvider&gt; jweProviders = new LinkedList&lt;JweEncryptionProvider&gt;();
-jweProviders.add(jweEnc1);
-jweProviders.add(jweEnc2);
-        
+jweProviders.add(new JweEncryption(keyEncryption1, contentEncryption));
+jweProviders.add(new JweEncryption(keyEncryption2, contentEncryption));
+
+
+// Let the recipients know that the key encryption algorithm is A128KW. 
+// This step is optional if the recipients support A128KW only.
+// Note because these headers are shared A128KW needs to be supported by all the recipients.
+// Per-reciepient specific headers can be used instead to note the key encryption algorithm
if required.
+// One can also consider setting this property in the shared protected headers, same as it
is done below
+// with the content algorithm
+
+JweHeaders sharedUnprotectedHeaders = new JweHeaders();
+sharedUnprotectedHeaders.setKeyEncryptionAlgorithm(KeyAlgorithm.A128KW);
+// Set some other custom shared unprotected header
+sharedUnprotectedHeaders.setHeader("customHeader", "customValue");
+
+// Let the recipients know that the content encryption algorithm is A128GCM. 
+// This step is optional if the recipients support A128GCM only.
+JweHeaders protectedHeaders = new JweHeaders(ContentAlgorithm.A128GCM);
+
+// Set per-recipient specific headers        
 List&lt;JweHeaders&gt; perRecipientHeades = new LinkedList&lt;JweHeaders&gt;();
 perRecipientHeades.add(new JweHeaders("key1"));
 perRecipientHeades.add(new JweHeaders("key2"));
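
Review bot: the new comment block above `sharedUnprotectedHeaders.setKeyEncryptionAlgorithm(KeyAlgorithm.A128KW)` should state that unprotected headers are not integrity protected in JWE (only the protected header is bound into the authenticated data), so a recipient should check an `alg` read from there against the algorithm it expects. The comment already mentions the shared protected headers as an alternative; giving that reason would make it the recommended choice rather than an aside. Smaller points in the same hunk: "Per-reciepient" is misspelled, the unchanged sentence before the example still says JweJsonProducer and JweJsonConsumer handle "JWS JSON sequences" where JWE JSON is meant, and the comment on `new AesGcmContentEncryptionAlgorithm(CEK_BYTES, ContentAlgorithm.A128GCM)` could say that the content encryption key is shared by all recipients and has to be generated fresh for each message, since `CEK_BYTES` reads like a fixed constant.
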
@@ -360,7 +374,7 @@ String content = consumer.decryptWith(jw
 
 // second recipient:
 JweDecryptionProvider jwe2 = JweUtils.createJweDecryptionProvider(wrapperKey2, keyAlgo, ctAlgo);
-content = consumer.decryptWith(jwe2, Collections.singletonMap("kid", "key1")).getContent();
+content = consumer.decryptWith(jwe2, Collections.singletonMap("kid", "key2")).getContent();
 
 
 &#160;</pre>
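
Review bot: after the corrected second-recipient call, `content = consumer.decryptWith(jwe2, Collections.singletonMap("kid", "key2")).getContent();`, the example ends without checking `content`, so a wrong `kid` like the one fixed here is not caught by the sample itself. Suggest comparing `content` with the original plaintext right after that line, the way the JWE Compact sample above does with `assertEquals(content, decryptedText);`. The "key1" and "key2" literals are also repeated between the producer's per-recipient headers and the consumer's lookup maps; shared constants would keep the two sides in step.
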


