
Example 1 with SignatureAlgorithm

use of org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm in project cxf by apache.

The class OidcImplicitService, method processIdToken.

/**
 * Finalises the ID token for the current request and returns it as a signed/encoded JWT string.
 *
 * When an authorization code is present on the current exchange (hybrid flow), the
 * authorization-code hash is computed with the outbound signature algorithm and set on the
 * token before it is processed; the state's nonce is always copied into the token.
 *
 * @param state   the redirection state carrying the client nonce
 * @param idToken the ID token to complete and serialise
 * @return the processed JWT produced by the configured {@code idTokenHandler}, or a default producer
 */
protected String processIdToken(OAuthRedirectionState state, IdToken idToken) {
    // Fall back to a default producer when no handler has been injected.
    final OAuthJoseJwtProducer producer =
        idTokenHandler != null ? idTokenHandler : new OAuthJoseJwtProducer();
    final Object codeValue =
        JAXRSUtils.getCurrentMessage().getExchange().get(OAuthConstants.AUTHORIZATION_CODE_VALUE);
    if (codeValue != null) {
        // An authorization code on the exchange means this service runs as part of the hybrid
        // flow, so the token must carry a hash of that code computed with the same algorithm
        // that will sign the token (client secret HMAC or the configured key algorithm, RS256 default).
        final Properties props = JwsUtils.loadSignatureOutProperties(false);
        final SignatureAlgorithm sigAlgo = producer.isSignWithClientSecret()
            ? OAuthUtils.getClientSecretSignatureAlgorithm(props)
            : JwsUtils.getSignatureAlgorithm(props, SignatureAlgorithm.RS256);
        idToken.setAuthorizationCodeHash(
            OidcUtils.calculateAuthorizationCodeHash((String) codeValue, sigAlgo));
    }
    idToken.setNonce(state.getNonce());
    return producer.processJwt(new JwtToken(idToken));
}
Also used : JwtToken(org.apache.cxf.rs.security.jose.jwt.JwtToken) OAuthJoseJwtProducer(org.apache.cxf.rs.security.oauth2.provider.OAuthJoseJwtProducer) SignatureAlgorithm(org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm) Properties(java.util.Properties)

Example 2 with SignatureAlgorithm

use of org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm in project cxf by apache.

The class JwsUtils, method getJwsJsonSignatureMap.

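/**
 * Groups JWS JSON signature entries by the signature algorithm declared in their union header.
 *
 * Entries whose union header reports no algorithm (a {@code null} value) are grouped under the
 * {@code null} key, since {@link HashMap} permits it; callers that require an algorithm on every
 * entry should check for that key.
 *
 * @param signatures the entries to group; a {@code null} or empty list yields an empty map
 * @return a mutable map from algorithm to the entries using it, preserving encounter order per algorithm
 */
public static Map<SignatureAlgorithm, List<JwsJsonSignatureEntry>> getJwsJsonSignatureMap(List<JwsJsonSignatureEntry> signatures) {
    Map<SignatureAlgorithm, List<JwsJsonSignatureEntry>> map = new HashMap<>();
    if (signatures == null) {
        return map;
    }
    for (JwsJsonSignatureEntry entry : signatures) {
        SignatureAlgorithm sigAlgorithm = entry.getUnionHeader().getSignatureAlgorithm();
        // computeIfAbsent replaces the explicit get / null-check / put sequence.
        map.computeIfAbsent(sigAlgorithm, k -> new ArrayList<>()).add(entry);
    }
    return map;
}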
Also used : HashMap(java.util.HashMap) SignatureAlgorithm(org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm) ArrayList(java.util.ArrayList) List(java.util.List)

Example 3 with SignatureAlgorithm

use of org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm in project cxf by apache.

The class JwsUtils, method getSignatureProvider.

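/**
 * Builds a JWS signature provider from a JSON Web Key.
 *
 * The key's own {@code alg} value takes precedence; {@code defaultAlgorithm} is used only when the
 * JWK does not declare one. RSA and EC keys yield a private-key provider, octet keys an HMAC provider.
 *
 * @param jwk              the signing key
 * @param defaultAlgorithm the algorithm to use when the JWK declares none
 * @return the provider, or {@code null} when the key type is neither RSA, OCTET nor EC
 */
public static JwsSignatureProvider getSignatureProvider(JsonWebKey jwk, SignatureAlgorithm defaultAlgorithm) {
    SignatureAlgorithm sigAlgo = jwk.getAlgorithm() == null
        ? defaultAlgorithm
        : SignatureAlgorithm.getAlgorithm(jwk.getAlgorithm());
    // Read the key type once and compare against it in every branch
    // (the EC branch previously re-read jwk.getKeyType()).
    KeyType keyType = jwk.getKeyType();
    JwsSignatureProvider theSigProvider = null;
    if (KeyType.RSA == keyType) {
        theSigProvider = getPrivateKeySignatureProvider(JwkUtils.toRSAPrivateKey(jwk), sigAlgo);
    } else if (KeyType.OCTET == keyType) {
        // Symmetric key material is carried base64url-encoded in the "k" property.
        byte[] key = JoseUtils.decode((String) jwk.getProperty(JsonWebKey.OCTET_KEY_VALUE));
        theSigProvider = getHmacSignatureProvider(key, sigAlgo);
    } else if (KeyType.EC == keyType) {
        theSigProvider = getPrivateKeySignatureProvider(JwkUtils.toECPrivateKey(jwk), sigAlgo);
    }
    return theSigProvider;
}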
Also used : KeyType(org.apache.cxf.rs.security.jose.jwk.KeyType) SignatureAlgorithm(org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm)

Example 4 with SignatureAlgorithm

use of org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm in project cxf by apache.

The class JwsUtils, method loadSignatureProvider.

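/**
 * Loads the JWS signature provider configured for the current message and populates the
 * certificate / key-identification headers the configuration asks for.
 *
 * Two sources are supported, selected by the {@code RSSEC_KEY_STORE_TYPE} property: a JSON Web
 * Key, or a private key loaded from the configured key store. The digest-header logic shared by
 * both branches lives in {@link #setCertDigestHeader}.
 *
 * @param m       the current message, consulted for per-message overrides
 * @param props   the signature properties
 * @param headers the JWS headers to enrich (cert chain, digests, key id, public key)
 * @return a non-null provider
 * @throws JwsException with {@code JwsException.Error.NO_PROVIDER} when no provider could be built
 */
public static JwsSignatureProvider loadSignatureProvider(Message m, Properties props, JwsHeaders headers) {
    boolean includeCert = JoseUtils.checkBooleanProperty(headers, props, m, JoseConstants.RSSEC_SIGNATURE_INCLUDE_CERT);
    boolean includeCertSha1 = JoseUtils.checkBooleanProperty(headers, props, m, JoseConstants.RSSEC_SIGNATURE_INCLUDE_CERT_SHA1);
    boolean includeCertSha256 = JoseUtils.checkBooleanProperty(headers, props, m, JoseConstants.RSSEC_SIGNATURE_INCLUDE_CERT_SHA256);
    boolean includeKeyId = JoseUtils.checkBooleanProperty(headers, props, m, JoseConstants.RSSEC_SIGNATURE_INCLUDE_KEY_ID);
    JwsSignatureProvider theSigProvider;
    if (JoseConstants.HEADER_JSON_WEB_KEY.equals(props.get(JoseConstants.RSSEC_KEY_STORE_TYPE))) {
        theSigProvider = loadJwkSignatureProvider(m, props, headers,
            includeCert, includeCertSha1, includeCertSha256, includeKeyId);
    } else {
        theSigProvider = loadKeyStoreSignatureProvider(m, props, headers,
            includeCert, includeCertSha1, includeCertSha256, includeKeyId);
    }
    if (theSigProvider == null) {
        LOG.warning("Provider is not available");
        throw new JwsException(JwsException.Error.NO_PROVIDER);
    }
    return theSigProvider;
}

// Builds the provider from a JSON Web Key; returns null when no signing JWK can be loaded.
private static JwsSignatureProvider loadJwkSignatureProvider(Message m, Properties props, JwsHeaders headers,
        boolean includeCert, boolean includeCertSha1, boolean includeCertSha256, boolean includeKeyId) {
    JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, KeyOperation.SIGN);
    if (jwk == null) {
        return null;
    }
    // The JWK's own "alg" is offered first; the key-type default is the fallback.
    SignatureAlgorithm signatureAlgo = getSignatureAlgorithm(m, props,
        SignatureAlgorithm.getAlgorithm(jwk.getAlgorithm()), getDefaultKeyAlgorithm(jwk));
    JwsSignatureProvider theSigProvider = JwsUtils.getSignatureProvider(jwk, signatureAlgo);
    boolean includePublicKey = JoseUtils.checkBooleanProperty(headers, props, m, JoseConstants.RSSEC_SIGNATURE_INCLUDE_PUBLIC_KEY);
    if (includeCert) {
        JwkUtils.includeCertChain(jwk, headers, signatureAlgo.getJwaName());
    }
    setCertDigestHeader(headers, m, props, includeCertSha1, includeCertSha256);
    if (includePublicKey) {
        JwkUtils.includePublicKey(jwk, headers, signatureAlgo.getJwaName());
    }
    if (includeKeyId && jwk.getKeyId() != null) {
        headers.setKeyId(jwk.getKeyId());
    }
    return theSigProvider;
}

// Builds the provider from the configured key store's private key, or a "none" provider when
// the configuration explicitly selects SignatureAlgorithm.NONE (no key is loaded in that case).
private static JwsSignatureProvider loadKeyStoreSignatureProvider(Message m, Properties props, JwsHeaders headers,
        boolean includeCert, boolean includeCertSha1, boolean includeCertSha256, boolean includeKeyId) {
    SignatureAlgorithm signatureAlgo = getSignatureAlgorithm(m, props, null, null);
    if (signatureAlgo == SignatureAlgorithm.NONE) {
        // Unsigned output: only reachable when the deployment configured "none" itself.
        return new NoneJwsSignatureProvider();
    }
    PrivateKey pk = KeyManagementUtils.loadPrivateKey(m, props, KeyOperation.SIGN);
    if (signatureAlgo == null) {
        // No algorithm configured: derive one from the private key's type.
        signatureAlgo = getDefaultPrivateKeyAlgorithm(pk);
    }
    JwsSignatureProvider theSigProvider = getPrivateKeySignatureProvider(pk, signatureAlgo);
    if (includeCert) {
        headers.setX509Chain(KeyManagementUtils.loadAndEncodeX509CertificateOrChain(m, props));
    }
    setCertDigestHeader(headers, m, props, includeCertSha1, includeCertSha256);
    if (includeKeyId && props.containsKey(JoseConstants.RSSEC_KEY_STORE_ALIAS)) {
        headers.setKeyId(props.getProperty(JoseConstants.RSSEC_KEY_STORE_ALIAS));
    }
    return theSigProvider;
}

// Sets the certificate digest header; SHA-1 wins when both digests are requested, as before.
private static void setCertDigestHeader(JwsHeaders headers, Message m, Properties props,
        boolean includeCertSha1, boolean includeCertSha256) {
    if (includeCertSha1) {
        KeyManagementUtils.setSha1DigestHeader(headers, m, props);
    } else if (includeCertSha256) {
        KeyManagementUtils.setSha256DigestHeader(headers, m, props);
    }
}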
Also used : ECPrivateKey(java.security.interfaces.ECPrivateKey) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) PrivateKey(java.security.PrivateKey) JsonWebKey(org.apache.cxf.rs.security.jose.jwk.JsonWebKey) SignatureAlgorithm(org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm)

Example 5 with SignatureAlgorithm

use of org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm in project cxf by apache.

The class AbstractJwtAuthenticationFilter, method isVerifiedWithAPublicKey.

/**
 * Reports whether the token's declared signature algorithm is a public-key (asymmetric) one.
 *
 * Only meaningful when a JWS is required; otherwise the answer is always {@code false}. Note that
 * the algorithm is read from the token's own JWS header, i.e. from the presented token rather
 * than from local configuration; this method only classifies that value, it does not verify the
 * signature.
 *
 * @param jwt the token whose {@code alg} header is inspected
 * @return {@code true} when JWS is required and the header names a public-key algorithm
 */
private boolean isVerifiedWithAPublicKey(JwtToken jwt) {
    if (!isJwsRequired()) {
        return false;
    }
    final Object algHeader = jwt.getJwsHeader(JoseConstants.HEADER_ALGORITHM);
    final SignatureAlgorithm sigAlg = SignatureAlgorithm.getAlgorithm((String) algHeader);
    return SignatureAlgorithm.isPublicKeyAlgorithm(sigAlg);
}
Also used : SignatureAlgorithm(org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm)
