cxf-commits mailing list archives

From serg...@apache.org
Subject cxf git commit: [CXF-7407] Adding the helpers for protecting a non-JWT content
Date Wed, 14 Jun 2017 15:39:10 GMT
Repository: cxf
Updated Branches:
  refs/heads/master e16d3a57a -> 63e100e48


[CXF-7407] Adding the helpers for protecting a non-JWT content


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/63e100e4
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/63e100e4
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/63e100e4

Branch: refs/heads/master
Commit: 63e100e48f7c34ec167728497a3ef006a7a34024
Parents: e16d3a5
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Wed Jun 14 16:38:55 2017 +0100
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Wed Jun 14 16:38:55 2017 +0100

----------------------------------------------------------------------
 .../jose/common/AbstractJoseConsumer.java       | 24 ++++++++
 .../jose/common/AbstractJoseProducer.java       | 24 ++++++++
 .../rs/security/jose/common/JoseConsumer.java   | 62 ++++++++++++++++++++
 .../rs/security/jose/common/JoseProducer.java   | 61 +++++++++++++++++++
 .../jose/common/JoseProducerConsumer.java       | 39 ++++++++++++
 .../rs/security/jose/jwt/JoseJwtConsumer.java   | 25 +-------
 .../rs/security/jose/jwt/JoseJwtProducer.java   | 31 ++--------
 .../jose/jwt/JoseJwtProducerConsumer.java       | 39 ++++++++++++
 8 files changed, 258 insertions(+), 47 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/63e100e4/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/AbstractJoseConsumer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/AbstractJoseConsumer.java
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/AbstractJoseConsumer.java
index de6d0b4..0d9a1b5 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/AbstractJoseConsumer.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/AbstractJoseConsumer.java
@@ -26,8 +26,11 @@ import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier;
 import org.apache.cxf.rs.security.jose.jws.JwsUtils;
 
 public abstract class AbstractJoseConsumer {
+    private boolean jwsRequired = true;
+    private boolean jweRequired;
     private JweDecryptionProvider jweDecryptor;
     private JwsSignatureVerifier jwsVerifier;
+    
 
     public void setJweDecryptor(JweDecryptionProvider jweDecryptor) {
         this.jweDecryptor = jweDecryptor;
@@ -59,4 +62,25 @@ public abstract class AbstractJoseConsumer {
         return JwsUtils.loadSignatureVerifier(jwsHeaders, false);
     }
 
+    public boolean isJwsRequired() {
+        return jwsRequired;
+    }
+
+    public void setJwsRequired(boolean jwsRequired) {
+        this.jwsRequired = jwsRequired;
+    }
+
+    public boolean isJweRequired() {
+        return jweRequired;
+    }
+
+    public void setJweRequired(boolean jweRequired) {
+        this.jweRequired = jweRequired;
+    }
+
+    protected void checkProcessRequirements() {
+        if (!isJwsRequired() && !isJweRequired()) {
+            throw new JoseException("Unable to process the data");
+        }
+    }
 }
\ No newline at end of file
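Review bot: `checkProcessRequirements()` has no Javadoc, and its message `"Unable to process the data"` does not tell whoever reads the log that the cause is configuration, namely that both `jwsRequired` and `jweRequired` are false. This guard is what stops the producer and consumer classes from handling content that is neither signed nor encrypted, so I would document it as such, e.g. `/** Fails closed: rejects a configuration in which neither JWS nor JWE is required. */`, and name the two flags in the message. The same method is added verbatim to AbstractJoseProducer in this commit, so the comment applies there as well.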

http://git-wip-us.apache.org/repos/asf/cxf/blob/63e100e4/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/AbstractJoseProducer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/AbstractJoseProducer.java
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/AbstractJoseProducer.java
index 9fd32cc..cbb7479 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/AbstractJoseProducer.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/AbstractJoseProducer.java
@@ -26,6 +26,8 @@ import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
 import org.apache.cxf.rs.security.jose.jws.JwsUtils;
 
 public abstract class AbstractJoseProducer {
+    private boolean jwsRequired = true;
+    private boolean jweRequired;
     private JwsSignatureProvider sigProvider;
     private JweEncryptionProvider encryptionProvider;
 
@@ -50,4 +52,26 @@ public abstract class AbstractJoseProducer {
     public void setSignatureProvider(JwsSignatureProvider signatureProvider) {
         this.sigProvider = signatureProvider;
     }
+    
+    public boolean isJwsRequired() {
+        return jwsRequired;
+    }
+
+    public void setJwsRequired(boolean jwsRequired) {
+        this.jwsRequired = jwsRequired;
+    }
+
+    public boolean isJweRequired() {
+        return jweRequired;
+    }
+
+    public void setJweRequired(boolean jweRequired) {
+        this.jweRequired = jweRequired;
+    }
+
+    protected void checkProcessRequirements() {
+        if (!isJwsRequired() && !isJweRequired()) {
+            throw new JoseException("Unable to process the data");
+        }
+    }
 }
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cxf/blob/63e100e4/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConsumer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConsumer.java
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConsumer.java
new file mode 100644
index 0000000..7bfda94b
--- /dev/null
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConsumer.java
@@ -0,0 +1,62 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.common;
+
+import org.apache.cxf.rs.security.jose.jwe.JweCompactConsumer;
+import org.apache.cxf.rs.security.jose.jwe.JweDecryptionOutput;
+import org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider;
+import org.apache.cxf.rs.security.jose.jws.JwsCompactConsumer;
+import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier;
+import org.apache.cxf.rs.security.jose.jwt.JwtException;
+
+public class JoseConsumer extends AbstractJoseConsumer {
+    
+    public String getData(String data) {
+        super.checkProcessRequirements();
+
+        if (isJweRequired()) {
+            JweCompactConsumer jweConsumer = new JweCompactConsumer(data);
+
+            JweDecryptionProvider theDecryptor = getInitializedDecryptionProvider(jweConsumer.getJweHeaders());
+            if (theDecryptor == null) {
+                throw new JwtException("Unable to decrypt JWT");
+            }
+
+            if (!isJwsRequired()) {
+                return jweConsumer.getDecryptedContentText(theDecryptor);
+            }
+
+            JweDecryptionOutput decOutput = theDecryptor.decrypt(data);
+            data = decOutput.getContentText();
+        }
+
+        JwsCompactConsumer jwsConsumer = new JwsCompactConsumer(data);
+        if (isJwsRequired()) {
+            JwsSignatureVerifier theSigVerifier = getInitializedSignatureVerifier(jwsConsumer.getJwsHeaders());
+            if (theSigVerifier == null) {
+                throw new JwtException("Unable to validate JWT");
+            }
+
+            if (!jwsConsumer.verifySignatureWith(theSigVerifier)) {
+                throw new JwtException("Invalid Signature");
+            }
+        }
+        return jwsConsumer.getDecodedJwsPayload();
+    }
+}
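Review bot: In `getData`, the `if (isJwsRequired())` wrapped around the verifier lookup and `verifySignatureWith` makes `return jwsConsumer.getDecodedJwsPayload()` read as if it were reachable without verification. Given `checkProcessRequirements()` at the top and the early return for the encrypt-only case, that condition should always be true by this point, so I would drop the `if` and let verification run unconditionally before the payload is returned. A later edit or an overriding `isJwsRequired()` then cannot open an unverified path. Separately, this class lives in the `common` package for non-JWT content yet imports and throws `JwtException` with messages such as `"Unable to decrypt JWT"`, while JoseProducer in the same commit throws `JoseException`; using `JoseException` with data-neutral messages would be consistent.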

http://git-wip-us.apache.org/repos/asf/cxf/blob/63e100e4/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseProducer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseProducer.java
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseProducer.java
new file mode 100644
index 0000000..0f602b7
--- /dev/null
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseProducer.java
@@ -0,0 +1,61 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.common;
+
+import org.apache.cxf.common.util.StringUtils;
+import org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider;
+import org.apache.cxf.rs.security.jose.jwe.JweHeaders;
+import org.apache.cxf.rs.security.jose.jws.JwsCompactProducer;
+import org.apache.cxf.rs.security.jose.jws.JwsHeaders;
+import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
+
+public class JoseProducer extends AbstractJoseProducer {
+    
+    public String processData(String data) {
+        super.checkProcessRequirements();
+        
+        JweEncryptionProvider theEncProvider = null;
+        JweHeaders jweHeaders = new JweHeaders();
+        if (isJweRequired()) {
+            theEncProvider = getInitializedEncryptionProvider(jweHeaders);
+            if (theEncProvider == null) {
+                throw new JoseException("Unable to encrypt the data");
+            }
+        }
+
+        if (isJwsRequired()) {
+            JwsHeaders jwsHeaders = new JwsHeaders();
+            JwsCompactProducer jws = new JwsCompactProducer(jwsHeaders, data);
+            
+            JwsSignatureProvider theSigProvider = getInitializedSignatureProvider(jwsHeaders);
+            
+            if (theSigProvider == null) {
+                throw new JoseException("Unable to sign the data");
+            }
+
+            data = jws.signWith(theSigProvider);
+            
+        }
+        if (theEncProvider != null) {
+            data = theEncProvider.encrypt(StringUtils.toBytesUTF8(data), jweHeaders);
+        }
+        return data;
+    }
+
+}
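Review bot: `processData` is public and undocumented, and the order in which it applies protection matters to callers: when both flags are set the data is signed first and the resulting compact JWS is then encrypted. A Javadoc stating this would help, along with the fact that the output can only be read back by a JoseConsumer configured with the same `jwsRequired`/`jweRequired` values, because `getData` decides how to parse its input from its own flags rather than from the input. It is also worth stating the behaviour for a null `data`, which is passed straight to `JwsCompactProducer` or `StringUtils.toBytesUTF8` here.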

http://git-wip-us.apache.org/repos/asf/cxf/blob/63e100e4/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseProducerConsumer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseProducerConsumer.java
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseProducerConsumer.java
new file mode 100644
index 0000000..f0e8237
--- /dev/null
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseProducerConsumer.java
@@ -0,0 +1,39 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.common;
+
+public class JoseProducerConsumer {
+    
+    private JoseProducer producer = new JoseProducer();
+    private JoseConsumer consumer = new JoseConsumer();
+    
+    public String processData(String data) {
+        return producer.processData(data);
+    }
+    public String getData(String data) {
+        return consumer.getData(data);
+    }
+    
+    public void setProducer(JoseProducer producer) {
+        this.producer = producer;
+    }
+    public void setConsumer(JoseConsumer consumer) {
+        this.consumer = consumer;
+    }
+}
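Review bot: `setProducer` and `setConsumer` accept null and overwrite the default instances, so a mis-wired bean only surfaces later as a NullPointerException inside `processData` or `getData`. I would reject null at the setter, e.g. `this.producer = Objects.requireNonNull(producer, "producer");` (which needs `java.util.Objects`). JoseJwtProducerConsumer, added later in this commit, has the same pair of setters.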

http://git-wip-us.apache.org/repos/asf/cxf/blob/63e100e4/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JoseJwtConsumer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JoseJwtConsumer.java
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JoseJwtConsumer.java
index c2e129e..1f57d60 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JoseJwtConsumer.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JoseJwtConsumer.java
@@ -27,9 +27,7 @@ import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer;
 import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier;
 
 public class JoseJwtConsumer extends AbstractJoseConsumer {
-    private boolean jwsRequired = true;
-    private boolean jweRequired;
-
+    
     private int clockOffset;
     private int ttl;
 
@@ -39,9 +37,7 @@ public class JoseJwtConsumer extends AbstractJoseConsumer {
     public JwtToken getJwtToken(String wrappedJwtToken,
                                    JweDecryptionProvider theDecryptor,
                                    JwsSignatureVerifier theSigVerifier) {
-        if (!isJwsRequired() && !isJweRequired()) {
-            throw new JwtException("Unable to process JWT");
-        }
+        super.checkProcessRequirements();
 
         JweHeaders jweHeaders = new JweHeaders();
         if (isJweRequired()) {
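Review bot: Replacing the inline check with `super.checkProcessRequirements()` changes what `getJwtToken` throws when neither flag is set: the removed lines threw `JwtException("Unable to process JWT")`, while the shared helper throws `JoseException("Unable to process the data")`. Callers that catch `JwtException` around this method may no longer see that failure, depending on how the two exception types are related, which is not visible in this diff. If the old type is part of the contract, the JWT classes could override the helper to throw `JwtException`; otherwise the change deserves a line in the commit message. The same substitution is made in `JoseJwtProducer.processJwt`, where `JwtException("Unable to secure JWT")` is replaced. The body of `getJwtToken` continues outside this hunk.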
@@ -91,22 +87,7 @@ public class JoseJwtConsumer extends AbstractJoseConsumer {
 
     protected void validateToken(JwtToken jwt) {
     }
-    public boolean isJwsRequired() {
-        return jwsRequired;
-    }
-
-    public void setJwsRequired(boolean jwsRequired) {
-        this.jwsRequired = jwsRequired;
-    }
-
-    public boolean isJweRequired() {
-        return jweRequired;
-    }
-
-    public void setJweRequired(boolean jweRequired) {
-        this.jweRequired = jweRequired;
-    }
-
+    
     public int getClockOffset() {
         return clockOffset;
     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/63e100e4/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JoseJwtProducer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JoseJwtProducer.java
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JoseJwtProducer.java
index bfb22c4..51998a3 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JoseJwtProducer.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JoseJwtProducer.java
@@ -26,18 +26,14 @@ import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer;
 import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
 
 public class JoseJwtProducer extends AbstractJoseProducer {
-    private boolean jwsRequired = true;
-    private boolean jweRequired;
-
+    
     public String processJwt(JwtToken jwt) {
         return processJwt(jwt, null, null);
     }
     public String processJwt(JwtToken jwt,
                                 JweEncryptionProvider theEncProvider,
                                 JwsSignatureProvider theSigProvider) {
-        if (!isJwsRequired() && !isJweRequired()) {
-            throw new JwtException("Unable to secure JWT");
-        }
+        super.checkProcessRequirements();
         String data = null;
 
         if (isJweRequired() && theEncProvider == null) {
@@ -48,12 +44,13 @@ public class JoseJwtProducer extends AbstractJoseProducer {
         }
 
         if (isJwsRequired()) {
+            
             JwsJwtCompactProducer jws = new JwsJwtCompactProducer(jwt);
             if (jws.isPlainText()) {
                 data = jws.getSignedEncodedJws();
             } else {
                 if (theSigProvider == null) {
-                    theSigProvider = getInitializedSignatureProvider(jwt.getJwsHeaders());
+                    theSigProvider = getInitializedSignatureProvider(jws.getJwsHeaders());
                 }
 
                 if (theSigProvider == null) {
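Review bot: Inside `if (isJwsRequired())`, the unchanged `jws.isPlainText()` branch sets `data = jws.getSignedEncodedJws()` without consulting any signature provider, so a token whose headers select the plain-text form is emitted with no signature even though JWS is marked required. `isPlainText()` is not defined in this hunk; if it means the unsecured `none` algorithm, I would take that branch only when the result is about to be encrypted, e.g. `if (jws.isPlainText() && theEncProvider != null) {`, and otherwise fall through to the provider check. The switch from `jwt.getJwsHeaders()` to `jws.getJwsHeaders()` would also benefit from a one-line comment saying why the producer's headers are the ones to pass. `processJwt` starts and ends outside this hunk.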
@@ -63,29 +60,13 @@ public class JoseJwtProducer extends AbstractJoseProducer {
                 data = jws.signWith(theSigProvider);
             }
             if (theEncProvider != null) {
-                data = theEncProvider.encrypt(StringUtils.toBytesUTF8(data), null);
+                data = theEncProvider.encrypt(StringUtils.toBytesUTF8(data), jwt.getJweHeaders());
             }
         } else {
-            JweJwtCompactProducer jwe = new JweJwtCompactProducer(jwt);
+            JweJwtCompactProducer jwe = new JweJwtCompactProducer(jwt.getJweHeaders(), jwt.getClaims());
             data = jwe.encryptWith(theEncProvider);
         }
         return data;
     }
 
-    public boolean isJwsRequired() {
-        return jwsRequired;
-    }
-
-    public void setJwsRequired(boolean jwsRequired) {
-        this.jwsRequired = jwsRequired;
-    }
-
-    public boolean isJweRequired() {
-        return jweRequired;
-    }
-
-    public void setJweRequired(boolean jweRequired) {
-        this.jweRequired = jweRequired;
-    }
-
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/63e100e4/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JoseJwtProducerConsumer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JoseJwtProducerConsumer.java
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JoseJwtProducerConsumer.java
new file mode 100644
index 0000000..e1a0710
--- /dev/null
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JoseJwtProducerConsumer.java
@@ -0,0 +1,39 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.jwt;
+
+public class JoseJwtProducerConsumer {
+    
+    private JoseJwtProducer producer = new JoseJwtProducer();
+    private JoseJwtConsumer consumer = new JoseJwtConsumer();
+    
+    public String processJwt(JwtToken jwt) {
+        return producer.processJwt(jwt);
+    }
+    public JwtToken getJwtToken(String wrappedJwtToken) {
+        return consumer.getJwtToken(wrappedJwtToken);
+    }
+    
+    public void setProducer(JoseJwtProducer producer) {
+        this.producer = producer;
+    }
+    public void setConsumer(JoseJwtConsumer consumer) {
+        this.consumer = consumer;
+    }
+}

