
Example 1 with PrivateKeyPasswordProvider

use of org.apache.cxf.rs.security.jose.common.PrivateKeyPasswordProvider in project cxf by apache.

From class JweUtils, method loadDecryptionProvider:

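/**
 * Builds the {@link JweDecryptionProvider} used to decrypt an inbound JWE.
 * <p>
 * The decryption key is resolved in this order:
 * <ol>
 * <li>{@code x5c} header present: the sender-supplied certificate chain is validated against the
 *     configured trust material and the local private key bound to its leaf certificate is loaded;</li>
 * <li>{@code x5t} / {@code x5t#S256} header present: the thumbprint selects a certificate from the local
 *     store and the private key bound to it is loaded (a thumbprint only identifies a local certificate,
 *     it does not authenticate the sender);</li>
 * <li>otherwise the configured key store is used: a JWK set, a PBES2 password provider, or a private key.</li>
 * </ol>
 * Security note: in the certificate-bound branches the content encryption algorithm is taken from the
 * inbound {@code enc} header, i.e. it is chosen by the sender and replaces the configured default
 * ({@code A128GCM}). Deployments that must restrict accepted content algorithms should enforce that where
 * the inbound headers are validated.
 *
 * @param props     decryption properties (key store type and location, aliases, algorithm names)
 * @param inHeaders protected headers of the inbound JWE, or {@code null} if not available
 * @return the provider to decrypt the inbound JWE with
 * @throws JweException {@code KEY_DECRYPTION_FAILURE} when the configured JWK or the PBES2 password
 *                      cannot be obtained
 */
public static JweDecryptionProvider loadDecryptionProvider(Properties props, JweHeaders inHeaders) {
    Message m = PhaseInterceptorChain.getCurrentMessage();
    KeyDecryptionProvider keyDecryptionProvider = null;
    // Configured default; the certificate-bound branches below override it from the inbound "enc" header.
    ContentAlgorithm contentAlgo = getContentEncryptionAlgorithm(m, props, null, ContentAlgorithm.A128GCM);
    SecretKey ctDecryptionKey = null;
    KeyAlgorithm keyAlgo = getKeyEncryptionAlgorithm(m, props, null, null);
    if (inHeaders != null && inHeaders.getHeader(JoseConstants.HEADER_X509_CHAIN) != null) {
        // Supporting loading a private key via a certificate for now.
        // The chain is sender-supplied: it must be validated before its leaf selects a local private key.
        List<X509Certificate> chain = KeyManagementUtils.toX509CertificateChain(inHeaders.getX509Chain());
        KeyManagementUtils.validateCertificateChain(props, chain);
        // An empty "x5c" array would otherwise throw IndexOutOfBoundsException from get(0);
        // treat it the same way as a missing chain.
        X509Certificate cert = chain == null || chain.isEmpty() ? null : chain.get(0);
        contentAlgo = inHeaders.getContentEncryptionAlgorithm();
        keyDecryptionProvider = certBoundKeyDecryptionProvider(m, props, cert, keyAlgo);
    } else if (inHeaders != null && inHeaders.getHeader(JoseConstants.HEADER_X509_THUMBPRINT) != null) {
        // "x5t" is defined as a SHA-1 thumbprint; SHA-1 is used only to look up a local certificate here.
        X509Certificate foundCert = KeyManagementUtils.getCertificateFromThumbprint(
            inHeaders.getX509Thumbprint(), MessageDigestUtils.ALGO_SHA_1, m, props);
        if (foundCert != null) {
            contentAlgo = inHeaders.getContentEncryptionAlgorithm();
            keyDecryptionProvider = certBoundKeyDecryptionProvider(m, props, foundCert, keyAlgo);
        }
        // No match: keyDecryptionProvider stays null and createJweDecryptionProvider handles that.
    } else if (inHeaders != null && inHeaders.getHeader(JoseConstants.HEADER_X509_THUMBPRINT_SHA256) != null) {
        X509Certificate foundCert = KeyManagementUtils.getCertificateFromThumbprint(
            inHeaders.getX509ThumbprintSHA256(), MessageDigestUtils.ALGO_SHA_256, m, props);
        if (foundCert != null) {
            contentAlgo = inHeaders.getContentEncryptionAlgorithm();
            keyDecryptionProvider = certBoundKeyDecryptionProvider(m, props, foundCert, keyAlgo);
        }
    } else {
        if (JoseConstants.HEADER_JSON_WEB_KEY.equals(props.get(JoseConstants.RSSEC_KEY_STORE_TYPE))) {
            JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, KeyOperation.DECRYPT);
            if (jwk == null) {
                LOG.warning("Extracting the JsonWebKey failed");
                throw new JweException(JweException.Error.KEY_DECRYPTION_FAILURE);
            }
            if (KeyAlgorithm.DIRECT == keyAlgo) {
                // Direct mode: the JWK itself yields the content decryption key; its "alg" may name
                // the content algorithm, the configured value still takes precedence.
                contentAlgo = getContentEncryptionAlgorithm(m, props,
                    ContentAlgorithm.getAlgorithm(jwk.getAlgorithm()), ContentAlgorithm.A128GCM);
                ctDecryptionKey = getContentDecryptionSecretKey(jwk, contentAlgo.getJwaName());
            } else {
                keyAlgo = getKeyEncryptionAlgorithm(m, props,
                    KeyAlgorithm.getAlgorithm(jwk.getAlgorithm()), getDefaultKeyAlgorithm(jwk));
                keyDecryptionProvider = getKeyDecryptionProvider(jwk, keyAlgo);
            }
        } else if (keyAlgo != null && AlgorithmUtils.PBES_HS_SET.contains(keyAlgo.getJwaName())) {
            PrivateKeyPasswordProvider provider = KeyManagementUtils.loadPasswordProvider(m, props, KeyOperation.DECRYPT);
            char[] password = provider != null ? provider.getPassword(props) : null;
            if (password == null) {
                throw new JweException(JweException.Error.KEY_DECRYPTION_FAILURE);
            }
            // NOTE(review): the password is copied into an immutable String because the algorithm
            // constructor takes one, so it cannot be wiped afterwards. The char[] is deliberately not
            // cleared here: the provider contract does not say whether it hands out a shared array.
            keyDecryptionProvider = new PbesHmacAesWrapKeyDecryptionAlgorithm(new String(password));
        } else {
            PrivateKey privateKey = KeyManagementUtils.loadPrivateKey(m, props, KeyOperation.DECRYPT);
            if (keyAlgo == null) {
                keyAlgo = getDefaultPrivateKeyAlgorithm(privateKey);
            }
            keyDecryptionProvider = getPrivateKeyDecryptionProvider(privateKey, keyAlgo);
        }
    }
    return createJweDecryptionProvider(keyDecryptionProvider, ctDecryptionKey, contentAlgo);
}

/**
 * Loads the local private key bound to {@code cert} for decryption and wraps it in a key decryption
 * provider. When no key algorithm was configured, the default for the key's type is used.
 *
 * @param cert the certificate whose private key is wanted; {@code null} is passed through unchanged
 * @param keyAlgo the configured key encryption algorithm, or {@code null} to derive it from the key
 */
private static KeyDecryptionProvider certBoundKeyDecryptionProvider(Message m, Properties props,
                                                                    X509Certificate cert,
                                                                    KeyAlgorithm keyAlgo) {
    PrivateKey privateKey = KeyManagementUtils.loadPrivateKey(m, props, cert, KeyOperation.DECRYPT);
    KeyAlgorithm resolvedAlgo = keyAlgo == null ? getDefaultPrivateKeyAlgorithm(privateKey) : keyAlgo;
    return getPrivateKeyDecryptionProvider(privateKey, resolvedAlgo);
}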

Example 2 with PrivateKeyPasswordProvider

use of org.apache.cxf.rs.security.jose.common.PrivateKeyPasswordProvider in project cxf by apache.

From class JwkUtils, method loadJsonWebKeys:

/**
 * Selects the JSON Web Keys to use for {@code keyOper} from the configured JWK set.
 * <p>
 * Resolution order: a single configured alias ({@code RSSEC_KEY_STORE_ALIAS}); then a comma-separated
 * alias list ({@code RSSEC_KEY_STORE_ALIASES}); then, for a non-null operation, the single key the set
 * registers for that operation, provided exactly one is registered. Aliases are looked up verbatim
 * (no trimming), and whatever {@code getKey} returns for an unknown alias — presumably {@code null} —
 * is placed in the result unchanged, so callers should check the entries.
 *
 * @return the selected keys, or {@code null} when nothing matched
 */
public static List<JsonWebKey> loadJsonWebKeys(Message m, Properties props, KeyOperation keyOper) {
    PrivateKeyPasswordProvider passwordProvider = KeyManagementUtils.loadPasswordProvider(m, props, keyOper);
    JsonWebKeys keySet = loadJwkSet(m, props, passwordProvider);

    String singleAlias = KeyManagementUtils.getKeyId(m, props, JoseConstants.RSSEC_KEY_STORE_ALIAS, keyOper);
    if (singleAlias != null) {
        return Collections.singletonList(keySet.getKey(singleAlias));
    }

    String aliasList = KeyManagementUtils.getKeyId(m, props, JoseConstants.RSSEC_KEY_STORE_ALIASES, keyOper);
    if (aliasList != null) {
        String[] aliases = aliasList.split(",");
        List<JsonWebKey> selected = new ArrayList<>(aliases.length);
        for (String alias : aliases) {
            selected.add(keySet.getKey(alias));
        }
        return selected;
    }

    if (keyOper == null) {
        return null;
    }
    List<JsonWebKey> byOperation = keySet.getKeyOperationMap().get(keyOper);
    boolean unambiguous = byOperation != null && byOperation.size() == 1;
    return unambiguous ? Collections.singletonList(byOperation.get(0)) : null;
}

Example 3 with PrivateKeyPasswordProvider

use of org.apache.cxf.rs.security.jose.common.PrivateKeyPasswordProvider in project cxf by apache.

From class JwkUtils, method loadJsonWebKey:

/**
 * Selects a single JSON Web Key for {@code keyOper} from the configured JWK set.
 * <p>
 * {@code inHeaderKid} comes from the inbound JOSE header and is therefore sender-controlled. It is only
 * honoured when {@code RSSEC_ACCEPT_PUBLIC_KEY} is enabled on the message (default {@code false}), and
 * even then it merely picks a key that is already in the locally loaded set. Otherwise the configured
 * alias is used, and failing that the single key the set registers for the operation.
 *
 * @param inHeaderKid the "kid" from the inbound header, may be {@code null}
 * @return the selected key, or {@code null} when nothing matched
 */
public static JsonWebKey loadJsonWebKey(Message m, Properties props, KeyOperation keyOper, String inHeaderKid) {
    PrivateKeyPasswordProvider passwordProvider = KeyManagementUtils.loadPasswordProvider(m, props, keyOper);
    JsonWebKeys keySet = loadJwkSet(m, props, passwordProvider);

    boolean headerKidAccepted = inHeaderKid != null
        && MessageUtils.getContextualBoolean(m, JoseConstants.RSSEC_ACCEPT_PUBLIC_KEY, false);
    String keyId = headerKidAccepted
        ? inHeaderKid
        : KeyManagementUtils.getKeyId(m, props, JoseConstants.RSSEC_KEY_STORE_ALIAS, keyOper);
    if (keyId != null) {
        return keySet.getKey(keyId);
    }
    if (keyOper == null) {
        return null;
    }
    List<JsonWebKey> byOperation = keySet.getKeyOperationMap().get(keyOper);
    if (byOperation == null || byOperation.size() != 1) {
        return null;
    }
    return byOperation.get(0);
}

Example 4 with PrivateKeyPasswordProvider

use of org.apache.cxf.rs.security.jose.common.PrivateKeyPasswordProvider in project cxf by apache.

From class JAXRSJweJwsTest, method doTestJweJwkAesCbcHMac:

/**
 * Round-trips a string through the {@code /jwejwkaescbchmac} endpoint with JWE applied on the request
 * and the response, the key material being taken from {@code propFile}. The password handed to the
 * provider unlocks the test key material only; it is a fixture value, not a secret.
 *
 * @param propFile class-path location of the encryption properties to use
 */
private void doTestJweJwkAesCbcHMac(String propFile) throws Exception {
    String endpoint = "https://localhost:" + PORT + "/jwejwkaescbchmac";

    SpringBusFactory busFactory = new SpringBusFactory();
    URL busConfig = JAXRSJweJwsTest.class.getResource("client.xml");
    Bus bus = busFactory.createBus(busConfig.toString());

    JweWriterInterceptor writer = new JweWriterInterceptor();
    writer.setUseJweOutputStream(true);
    List<Object> providers = new LinkedList<>();
    providers.add(writer);
    providers.add(new JweClientResponseFilter());

    JAXRSClientFactoryBean factory = new JAXRSClientFactoryBean();
    factory.setBus(bus);
    factory.setServiceClass(BookStore.class);
    factory.setAddress(endpoint);
    factory.setProviders(providers);
    factory.getProperties(true).put("rs.security.encryption.properties", propFile);
    PrivateKeyPasswordProvider passwordProvider =
        new PrivateKeyPasswordProviderImpl("Thus from my lips, by yours, my sin is purged.");
    factory.getProperties(true).put("rs.security.key.password.provider", passwordProvider);

    BookStore store = factory.create(BookStore.class);
    String echoed = store.echoText("book");
    assertEquals("book", echoed);
}

Example 5 with PrivateKeyPasswordProvider

use of org.apache.cxf.rs.security.jose.common.PrivateKeyPasswordProvider in project cxf by apache.

From class JAXRSJweJwsTest, method testJweRsaJwsRsaCert:

/**
 * Round-trips a string through the {@code /jwejwsrsacert} endpoint with JWS and JWE applied to the
 * request and verified/decrypted on the response. Signing and decryption share one password provider;
 * the outbound JWE recipient and the inbound JWS signer are both selected by the {@code AliceCert}
 * alias placed in the request context.
 */
@Test
public void testJweRsaJwsRsaCert() throws Exception {
    String endpoint = "https://localhost:" + PORT + "/jwejwsrsacert";

    SpringBusFactory busFactory = new SpringBusFactory();
    URL busConfig = JAXRSJweJwsTest.class.getResource("client.xml");
    Bus bus = busFactory.createBus(busConfig.toString());

    JweWriterInterceptor jweWriter = new JweWriterInterceptor();
    jweWriter.setUseJweOutputStream(true);
    JwsWriterInterceptor jwsWriter = new JwsWriterInterceptor();
    jwsWriter.setUseJwsOutputStream(true);
    List<Object> providers = new LinkedList<>();
    providers.add(jweWriter);
    providers.add(new JweClientResponseFilter());
    providers.add(jwsWriter);
    providers.add(new JwsClientResponseFilter());

    JAXRSClientFactoryBean factory = new JAXRSClientFactoryBean();
    factory.setBus(bus);
    factory.setServiceClass(BookStore.class);
    factory.setAddress(endpoint);
    factory.setProviders(providers);
    factory.getProperties(true).put("rs.security.keystore.file",
        "org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt");
    factory.getProperties(true).put("rs.security.signature.out.properties", CLIENT_JWEJWS_PROPERTIES);
    factory.getProperties(true).put("rs.security.encryption.in.properties", CLIENT_JWEJWS_PROPERTIES);
    // One provider serves both the signing key and the decryption key.
    PrivateKeyPasswordProvider passwordProvider = new PrivateKeyPasswordProviderImpl();
    factory.getProperties(true).put("rs.security.signature.key.password.provider", passwordProvider);
    factory.getProperties(true).put("rs.security.decryption.key.password.provider", passwordProvider);

    BookStore store = factory.create(BookStore.class);
    WebClient.getConfig(store).getRequestContext().put("rs.security.keystore.alias.jwe.out", "AliceCert");
    WebClient.getConfig(store).getRequestContext().put("rs.security.keystore.alias.jws.in", "AliceCert");
    String echoed = store.echoText("book");
    assertEquals("book", echoed);
}
