
Example 6 with PrivateKeyPasswordProvider

Use of org.apache.cxf.rs.security.jose.common.PrivateKeyPasswordProvider in the project cxf by apache.

Class JweUtils, method loadKeyEncryptionProvider:

/**
 * Resolves the key-management provider that protects the content encryption key of an
 * outbound JWE and records the matching JWE headers.
 * <p>
 * The configured key encryption algorithm decides the path taken:
 * <ul>
 * <li>{@code DIRECT}: the content encryption key is used as-is, nothing is wrapped;</li>
 * <li>a PBES2 algorithm ({@link AlgorithmUtils#PBES_HS_SET}): the wrapping key is derived from
 * the password returned by the {@link PrivateKeyPasswordProvider} registered for
 * {@link KeyOperation#ENCRYPT}, using the iteration count from
 * {@link JoseConstants#RSSEC_ENCRYPTION_PBES2_COUNT} (4096 when unset);</li>
 * <li>anything else: a key is loaded from a JWK store or a Java key store and the certificate
 * chain, certificate thumbprint, public key and key id headers are added when the corresponding
 * {@code JoseConstants.RSSEC_ENCRYPTION_INCLUDE_*} flag is enabled.</li>
 * </ul>
 *
 * @param props   encryption configuration (store type and alias, algorithm, include flags)
 * @param m       current message, consulted for contextual property overrides
 * @param headers the JWE headers being assembled; updated in place
 * @return the provider that will wrap the content encryption key; never {@code null}
 * @throws JweException {@code KEY_ENCRYPTION_FAILURE} when a PBES2 algorithm is selected but no
 *                      password is available, {@code INVALID_KEY_ALGORITHM} when no provider can
 *                      be created for the configured algorithm and key
 */
public static KeyEncryptionProvider loadKeyEncryptionProvider(Properties props, Message m, JweHeaders headers) {
    KeyAlgorithm alg = getKeyEncryptionAlgorithm(m, props, null, null);

    // "dir": the content encryption key is shared out of band, so there is no key to wrap.
    if (alg == KeyAlgorithm.DIRECT) {
        KeyEncryptionProvider direct = new DirectKeyEncryptionAlgorithm();
        headers.setKeyEncryptionAlgorithm(direct.getAlgorithm());
        return direct;
    }

    // PBES2: derive the key-wrapping key from a password rather than loading a key.
    if (alg != null && AlgorithmUtils.PBES_HS_SET.contains(alg.getJwaName())) {
        PrivateKeyPasswordProvider passwordProvider =
            KeyManagementUtils.loadPasswordProvider(m, props, KeyOperation.ENCRYPT);
        char[] secret = passwordProvider == null ? null : passwordProvider.getPassword(props);
        if (secret == null) {
            // No password source configured (or it yielded nothing): cannot derive a wrapping key.
            throw new JweException(JweException.Error.KEY_ENCRYPTION_FAILURE);
        }
        int iterations = MessageUtils.getContextualInteger(m, JoseConstants.RSSEC_ENCRYPTION_PBES2_COUNT, 4096);
        // NOTE(review): the password is copied into an immutable String, so it cannot be zeroed
        // after use; the provider's char[] is deliberately left untouched in case it is shared.
        // NOTE(review): unlike the other paths this one returns without calling
        // headers.setKeyEncryptionAlgorithm(...) - confirm the caller records "alg" for PBES2.
        return new PbesHmacAesWrapKeyEncryptionAlgorithm(new String(secret), iterations, alg, false);
    }

    // Key wrapping with a key loaded from a JWK document or from a Java key store.
    // The include flags are read up front; they drive which key-identification headers are emitted.
    boolean addCertChain = JoseUtils.checkBooleanProperty(headers, props, m, JoseConstants.RSSEC_ENCRYPTION_INCLUDE_CERT);
    boolean addCertSha1 = JoseUtils.checkBooleanProperty(headers, props, m, JoseConstants.RSSEC_ENCRYPTION_INCLUDE_CERT_SHA1);
    boolean addCertSha256 = JoseUtils.checkBooleanProperty(headers, props, m, JoseConstants.RSSEC_ENCRYPTION_INCLUDE_CERT_SHA256);
    boolean addKeyId = JoseUtils.checkBooleanProperty(headers, props, m, JoseConstants.RSSEC_ENCRYPTION_INCLUDE_KEY_ID);

    KeyEncryptionProvider provider;
    boolean jwkStore = JoseConstants.HEADER_JSON_WEB_KEY.equals(props.get(JoseConstants.RSSEC_KEY_STORE_TYPE));
    if (jwkStore) {
        JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, KeyOperation.ENCRYPT);
        if (jwk == null) {
            // No key could be loaded, so no provider can be built for this algorithm.
            throw new JweException(JweException.Error.INVALID_KEY_ALGORITHM);
        }
        // The JWK's own "alg" (or a default derived from its type) may refine the configured algorithm.
        KeyAlgorithm jwkAlg = getKeyEncryptionAlgorithm(m, props,
                KeyAlgorithm.getAlgorithm(jwk.getAlgorithm()), getDefaultKeyAlgorithm(jwk));
        provider = getKeyEncryptionProvider(jwk, jwkAlg);
        boolean addPublicKey = JoseUtils.checkBooleanProperty(headers, props, m, JoseConstants.RSSEC_ENCRYPTION_INCLUDE_PUBLIC_KEY);
        if (addCertChain) {
            JwkUtils.includeCertChain(jwk, headers, jwkAlg.getJwaName());
        }
        // Only one thumbprint header is emitted; SHA-1 takes precedence when both flags are set.
        if (addCertSha1) {
            KeyManagementUtils.setSha1DigestHeader(headers, m, props);
        } else if (addCertSha256) {
            KeyManagementUtils.setSha256DigestHeader(headers, m, props);
        }
        if (addPublicKey) {
            JwkUtils.includePublicKey(jwk, headers, jwkAlg.getJwaName());
        }
        if (addKeyId && jwk.getKeyId() != null) {
            headers.setKeyId(jwk.getKeyId());
        }
    } else {
        provider = getPublicKeyEncryptionProvider(KeyManagementUtils.loadPublicKey(m, props), props, alg);
        if (addCertChain) {
            headers.setX509Chain(KeyManagementUtils.loadAndEncodeX509CertificateOrChain(m, props));
        }
        // Only one thumbprint header is emitted; SHA-1 takes precedence when both flags are set.
        if (addCertSha1) {
            KeyManagementUtils.setSha1DigestHeader(headers, m, props);
        } else if (addCertSha256) {
            KeyManagementUtils.setSha256DigestHeader(headers, m, props);
        }
        // For a Java key store the key id header is the configured store alias.
        if (addKeyId && props.containsKey(JoseConstants.RSSEC_KEY_STORE_ALIAS)) {
            headers.setKeyId(props.getProperty(JoseConstants.RSSEC_KEY_STORE_ALIAS));
        }
    }

    if (provider == null) {
        throw new JweException(JweException.Error.INVALID_KEY_ALGORITHM);
    }
    headers.setKeyEncryptionAlgorithm(provider.getAlgorithm());
    return provider;
}

Example 7 with PrivateKeyPasswordProvider

Use of org.apache.cxf.rs.security.jose.common.PrivateKeyPasswordProvider in the project cxf by apache.

Class JAXRSJweJwsTest, method createJweJwsBookStore:

/**
 * Creates a {@link BookStore} client proxy whose outbound messages are JWE-encrypted and
 * JWS-signed, and whose inbound responses are decrypted and signature-checked.
 * <p>
 * The client is wired with the JWE/JWS writer interceptors (streaming mode) and the matching
 * response filters. Outbound encryption and inbound signature verification use the server's
 * JOSE properties (its public key material); outbound signing and inbound decryption use the
 * client's. A single {@link PrivateKeyPasswordProviderImpl} supplies the password for both the
 * client's signing key and its decryption key.
 *
 * @param address        endpoint address the proxy talks to
 * @param jwsSigProvider explicit signature provider for the JWS writer; when {@code null} the
 *                       writer falls back to its own configuration
 * @param mbProviders    additional message-body providers to register, or {@code null}
 * @return the configured proxy
 * @throws Exception on any set-up failure (test helper; failures are not expected in practice)
 */
private BookStore createJweJwsBookStore(String address, JwsSignatureProvider jwsSigProvider, List<?> mbProviders) throws Exception {
    JAXRSClientFactoryBean clientBean = new JAXRSClientFactoryBean();

    // Spring-configured bus from the test's client.xml (NPE if the resource is missing).
    SpringBusFactory busFactory = new SpringBusFactory();
    URL busConfig = JAXRSJweJwsTest.class.getResource("client.xml");
    Bus bus = busFactory.createBus(busConfig.toString());
    clientBean.setBus(bus);
    clientBean.setServiceClass(BookStore.class);
    clientBean.setAddress(address);

    List<Object> registered = new LinkedList<Object>();

    // Outbound: encrypt, then sign; inbound: verify, then decrypt (filters are added in pairs).
    JweWriterInterceptor encryptor = new JweWriterInterceptor();
    encryptor.setUseJweOutputStream(true);
    registered.add(encryptor);
    registered.add(new JweClientResponseFilter());

    JwsWriterInterceptor signer = new JwsWriterInterceptor();
    if (jwsSigProvider != null) {
        signer.setSignatureProvider(jwsSigProvider);
    }
    signer.setUseJwsOutputStream(true);
    registered.add(signer);
    registered.add(new JwsClientResponseFilter());

    if (mbProviders != null) {
        registered.addAll(mbProviders);
    }
    clientBean.setProviders(registered);

    // Server-side properties for what the server must be able to open/verify; client-side
    // properties for what only the client's private keys can produce/open.
    clientBean.getProperties(true).put("rs.security.encryption.out.properties", SERVER_JWEJWS_PROPERTIES);
    clientBean.getProperties(true).put("rs.security.signature.out.properties", CLIENT_JWEJWS_PROPERTIES);
    clientBean.getProperties(true).put("rs.security.encryption.in.properties", CLIENT_JWEJWS_PROPERTIES);
    clientBean.getProperties(true).put("rs.security.signature.in.properties", SERVER_JWEJWS_PROPERTIES);

    // Test fixture: the same password provider unlocks both private keys.
    PrivateKeyPasswordProvider keyPassword = new PrivateKeyPasswordProviderImpl();
    clientBean.getProperties(true).put("rs.security.signature.key.password.provider", keyPassword);
    clientBean.getProperties(true).put("rs.security.decryption.key.password.provider", keyPassword);

    return clientBean.create(BookStore.class);
}
