oltu-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From asa...@apache.org
Subject svn commit: r1583609 - in /oltu/trunk/jose/jws: ./ src/main/java/org/apache/oltu/jose/jws/ src/main/java/org/apache/oltu/jose/jws/signature/impl/
Date Tue, 01 Apr 2014 10:56:29 GMT
Author: asanso
Date: Tue Apr  1 10:56:28 2014
New Revision: 1583609

URL: http://svn.apache.org/r1583609
Log:
OLTU-143 - Add support for public key signature algorithm to the JWS module

Added:
    oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/JwsConstants.java
    oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/signature/impl/PrivateKey.java
    oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/signature/impl/PublicKey.java
    oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/signature/impl/SignatureMethodRSAImpl.java
Modified:
    oltu/trunk/jose/jws/pom.xml

Modified: oltu/trunk/jose/jws/pom.xml
URL: http://svn.apache.org/viewvc/oltu/trunk/jose/jws/pom.xml?rev=1583609&r1=1583608&r2=1583609&view=diff
==============================================================================
--- oltu/trunk/jose/jws/pom.xml (original)
+++ oltu/trunk/jose/jws/pom.xml Tue Apr  1 10:56:28 2014
@@ -38,7 +38,7 @@
     <dependency>
       <groupId>org.apache.oltu.commons</groupId>
       <artifactId>org.apache.oltu.commons.encodedtoken</artifactId>
-      <version>1.0.0</version>
+      <version>1.0.1-SNAPSHOT</version>
     </dependency>
 
     <dependency>
@@ -46,6 +46,7 @@
       <artifactId>org.apache.oltu.commons.json</artifactId>
       <version>1.0.0</version>
     </dependency>
+    
   </dependencies>
 
 </project>

Added: oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/JwsConstants.java
URL: http://svn.apache.org/viewvc/oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/JwsConstants.java?rev=1583609&view=auto
==============================================================================
--- oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/JwsConstants.java (added)
+++ oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/JwsConstants.java Tue Apr 
1 10:56:28 2014
@@ -0,0 +1,26 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.oltu.jose.jws;
+
+public class JwsConstants {
+
+    public static final String RS256 = "RS256";
+
+    public static final String RS384 = "RS384";
+
+    public static final String RS512 = "RS512";
+}

Added: oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/signature/impl/PrivateKey.java
URL: http://svn.apache.org/viewvc/oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/signature/impl/PrivateKey.java?rev=1583609&view=auto
==============================================================================
--- oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/signature/impl/PrivateKey.java
(added)
+++ oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/signature/impl/PrivateKey.java
Tue Apr  1 10:56:28 2014
@@ -0,0 +1,33 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.oltu.jose.jws.signature.impl;
+
+import org.apache.oltu.jose.jws.signature.SigningKey;
+
+public class PrivateKey implements SigningKey {
+
+    java.security.PrivateKey privateKey;
+
+    public PrivateKey(java.security.PrivateKey privateKey) {
+        this.privateKey = privateKey;
+    }
+
+    public java.security.PrivateKey getPrivateKey() {
+        return privateKey;
+    }
+
+}
\ No newline at end of file

Added: oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/signature/impl/PublicKey.java
URL: http://svn.apache.org/viewvc/oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/signature/impl/PublicKey.java?rev=1583609&view=auto
==============================================================================
--- oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/signature/impl/PublicKey.java
(added)
+++ oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/signature/impl/PublicKey.java
Tue Apr  1 10:56:28 2014
@@ -0,0 +1,33 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.oltu.jose.jws.signature.impl;
+
+import org.apache.oltu.jose.jws.signature.VerifyingKey;
+
+public class PublicKey implements VerifyingKey {
+
+    java.security.PublicKey publicKey;
+
+    public PublicKey(java.security.PublicKey publicKey) {
+        this.publicKey = publicKey;
+    }
+
+    public java.security.PublicKey getPublicKey() {
+        return publicKey;
+    }
+
+}
\ No newline at end of file

Added: oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/signature/impl/SignatureMethodRSAImpl.java
URL: http://svn.apache.org/viewvc/oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/signature/impl/SignatureMethodRSAImpl.java?rev=1583609&view=auto
==============================================================================
--- oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/signature/impl/SignatureMethodRSAImpl.java
(added)
+++ oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/signature/impl/SignatureMethodRSAImpl.java
Tue Apr  1 10:56:28 2014
@@ -0,0 +1,118 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.oltu.jose.jws.signature.impl;
+ 
+import java.security.Signature;
+import org.apache.oltu.commons.encodedtoken.TokenDecoder;
+import org.apache.oltu.jose.jws.JwsConstants;
+import org.apache.oltu.jose.jws.signature.SignatureMethod;
+
+/**
+ * Class that asymmetrically sign and verify the
+ * issued token 
+ * 
+ */
+public class SignatureMethodRSAImpl implements
+SignatureMethod<PrivateKey, PublicKey>{
+    
+    private String algorithm;
+
+    public SignatureMethodRSAImpl(String algorithm) {
+        super();
+        this.algorithm = algorithm;
+    }
+
+
+    /*
+     * Calculate the signature of given header.payload as for 
+     * http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-21#appendix-A.2.1
+     *  
+     */
+    @Override
+    public String calculate(String header, String payload, PrivateKey signingKey) {
+        StringBuilder sb = new StringBuilder();
+        sb.append(header).append(".").append(payload);
+        final String stringToSign = sb.toString();
+        byte[] bytes = stringToSign.getBytes();
+        try {
+            Signature signature = Signature.getInstance(getAlgorithmInternal());
+            
+            signature.initSign(signingKey.getPrivateKey());
+            signature.update(bytes);
+            bytes = signature.sign();
+            
+            return TokenDecoder.base64Encode(bytes);
+        } catch (Exception e) {
+            throw new RuntimeException(e);
+        }  
+    }
+
+    /*
+     * Verify the signature of given header.payload as for 
+     * http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-21#appendix-A.2.2
+     *  
+     */
+    @Override
+    public boolean verify(String signature, String header, String payload,
+            PublicKey verifyingKey) {
+        final String text = header + "." + payload;
+        try {
+            Signature sign = Signature.getInstance(getAlgorithmInternal());
+            sign.initVerify(verifyingKey.getPublicKey());
+            sign.update(text.getBytes());
+ 
+            return sign.verify(decode(signature));
+             
+        } catch (Exception e) {
+            return false;
+        }
+    }
+
+    @Override
+    public String getAlgorithm() {
+        return algorithm;
+    }
+    
+    // ---------- Private methods ---------------------------------------------
+    private String getAlgorithmInternal(){
+        String alg = null;
+        if (JwsConstants.RS256.equals(algorithm)) { 
+            alg = "SHA256withRSA"; 
+        } else if (JwsConstants.RS384.equals(algorithm)) { 
+            alg = "SHA384withRSA"; 
+        } else if (JwsConstants.RS512.equals(algorithm)) { 
+            alg = "SHA512withRSA"; 
+        }
+        return alg;
+    }
+    
+    private static byte[] decode(String arg) throws Exception {
+        String s = arg;
+        s = s.replace('-', '+'); // 62nd char of encoding
+        s = s.replace('_', '/'); // 63rd char of encoding
+        switch (s.length() % 4) // Pad with trailing '='s
+        {
+          case 0: break; // No pad chars in this case
+          case 2: s += "=="; break; // Two pad chars
+          case 3: s += "="; break; // One pad char
+          default: throw new java.lang.Exception(
+            "Illegal base64url string!");
+        }
+        return TokenDecoder.base64DecodeToByte(s);
+      }
+
+}



Mime
View raw message