
Example 6 with SignatureAlgorithm

use of org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm in project cxf by apache.

the class JWTTokenValidator method isVerifiedWithAPublicKey.

/**
 * Reports whether the algorithm named in the token's JWS {@code alg} header is
 * classified as a public-key algorithm by
 * {@link SignatureAlgorithm#isPublicKeyAlgorithm}.
 *
 * <p>The value is read from the token's own header, so the result reflects what
 * the token declares. No signature is verified in this method.
 * NOTE(review): confirm that callers only reach this after the signature has
 * been validated against a trusted key, otherwise the answer is attacker-chosen.
 * NOTE(review): the outcome for a missing or unrecognised {@code alg} value
 * depends on {@code getAlgorithm}/{@code isPublicKeyAlgorithm}, which are not
 * visible here - verify that it fails closed.
 *
 * @param jwt the parsed token whose JWS header is inspected
 * @return the result of {@code SignatureAlgorithm.isPublicKeyAlgorithm} for the
 *         header's algorithm
 */
private boolean isVerifiedWithAPublicKey(JwtToken jwt) {
    final Object declaredAlgorithm = jwt.getJwsHeader(JoseConstants.HEADER_ALGORITHM);
    return SignatureAlgorithm.isPublicKeyAlgorithm(
        SignatureAlgorithm.getAlgorithm((String) declaredAlgorithm));
}
Also used : SignatureAlgorithm(org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm)

Example 7 with SignatureAlgorithm

use of org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm in project cxf by apache.

the class IdTokenResponseFilter method setAtHashAndNonce.

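/**
 * Fills in the access token hash, the authorization code hash and the nonce on
 * an ID token when they are not already set.
 *
 * <p>The access token hash is added unless the response type is
 * {@code OidcUtils.ID_TOKEN_RESPONSE_TYPE}; the code hash is added only for the
 * two "code id_token" response types. Both hashes are computed with the
 * signature algorithm resolved from the outbound signature properties, and both
 * are skipped when that algorithm is {@code SignatureAlgorithm.NONE}.
 * NOTE(review): the hashes are only meaningful if the algorithm resolved here is
 * the one later used to sign the ID token - confirm against the signing path.
 *
 * @param idToken the ID token to update in place
 * @param st the access token supplying the response type, token key, grant code
 *           and stored nonce
 */
private void setAtHashAndNonce(IdToken idToken, ServerAccessToken st) {
    String rType = st.getResponseType();
    boolean atHashRequired = idToken.getAccessTokenHash() == null
        && (rType == null || !rType.equals(OidcUtils.ID_TOKEN_RESPONSE_TYPE));
    boolean cHashRequired = idToken.getAuthorizationCodeHash() == null
        && rType != null
        && (rType.equals(OidcUtils.CODE_ID_TOKEN_AT_RESPONSE_TYPE)
            || rType.equals(OidcUtils.CODE_ID_TOKEN_RESPONSE_TYPE));
    // The nonce handling at the end of this method allows for a null message,
    // so every other use of m below is guarded the same way.
    Message m = JAXRSUtils.getCurrentMessage();
    if (atHashRequired || cHashRequired) {
        Properties props = JwsUtils.loadSignatureOutProperties(false);
        SignatureAlgorithm sigAlgo = super.isSignWithClientSecret()
            ? OAuthUtils.getClientSecretSignatureAlgorithm(props)
            : JwsUtils.getSignatureAlgorithm(props, SignatureAlgorithm.RS256);
        if (sigAlgo != SignatureAlgorithm.NONE) {
            if (atHashRequired) {
                String atHash = OidcUtils.calculateAccessTokenHash(st.getTokenKey(), sigAlgo);
                idToken.setAccessTokenHash(atHash);
            }
            if (cHashRequired) {
                // c_hash can be returned from either Authorization or Token endpoints
                String code;
                if (st.getGrantCode() != null) {
                    // This is a token endpoint, the code has been exchanged for a token
                    code = st.getGrantCode();
                } else if (m != null) {
                    // Authorization endpoint: hybrid flow, implicit part
                    code = (String) m.getExchange().get(OAuthConstants.AUTHORIZATION_CODE_VALUE);
                } else {
                    // No grant code on the token and no current message to read it
                    // from: treat it like a missing code instead of failing with a
                    // NullPointerException.
                    code = null;
                }
                if (code != null) {
                    idToken.setAuthorizationCodeHash(OidcUtils.calculateAuthorizationCodeHash(code, sigAlgo));
                }
            }
        }
    }
    // A nonce recorded on the current exchange takes precedence over the one
    // stored with the access token.
    if (m != null && m.getExchange().containsKey(OAuthConstants.NONCE)) {
        idToken.setNonce((String) m.getExchange().get(OAuthConstants.NONCE));
    } else if (st.getNonce() != null) {
        idToken.setNonce(st.getNonce());
    }
}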
Also used : Message(org.apache.cxf.message.Message) SignatureAlgorithm(org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm) Properties(java.util.Properties)

Example 8 with SignatureAlgorithm

use of org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm in project cxf by apache.

the class OAuthUtils method getClientSecretSignatureAlgorithm.

/**
 * Resolves the HMAC signature algorithm to use when signing with a client secret.
 *
 * <p>Resolution order: the dedicated
 * {@code OAuthConstants.CLIENT_SECRET_SIGNATURE_ALGORITHM} property; otherwise the
 * general {@code JoseConstants.RSSEC_SIGNATURE_ALGORITHM} property, but only when
 * it names an HMAC algorithm; otherwise {@code SignatureAlgorithm.HS256}.
 * A dedicated property that names a non-HMAC algorithm is rejected, so a
 * symmetric client secret is never paired with an asymmetric algorithm.
 *
 * <p>NOTE(review): {@code sigProps} is dereferenced without a null check -
 * confirm every caller passes a non-null {@code Properties}.
 *
 * @param sigProps the signature properties to read the algorithm names from
 * @return an HMAC-based signature algorithm
 * @throws OAuthServiceException with {@code OAuthConstants.SERVER_ERROR} when the
 *         resolved algorithm is not HMAC-based
 */
public static SignatureAlgorithm getClientSecretSignatureAlgorithm(Properties sigProps) {
    String algorithmName = sigProps.getProperty(OAuthConstants.CLIENT_SECRET_SIGNATURE_ALGORITHM);
    if (algorithmName == null) {
        final String generalAlgorithmName = sigProps.getProperty(JoseConstants.RSSEC_SIGNATURE_ALGORITHM);
        // The general setting is borrowed only when it is already HMAC-based.
        if (AlgorithmUtils.isHmacSign(generalAlgorithmName)) {
            algorithmName = generalAlgorithmName;
        }
    }
    SignatureAlgorithm resolved = SignatureAlgorithm.getAlgorithm(algorithmName);
    if (resolved == null) {
        resolved = SignatureAlgorithm.HS256;
    }
    if (AlgorithmUtils.isHmacSign(resolved)) {
        return resolved;
    }
    // Must be HS-based for the symmetric signature
    throw new OAuthServiceException(OAuthConstants.SERVER_ERROR);
}
Also used : OAuthServiceException(org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException) SignatureAlgorithm(org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm)

Example 9 with SignatureAlgorithm

use of org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm in project cxf by apache.

the class AbstractJwsSignatureProvider method prepareHeaders.

/**
 * Returns JWS headers that carry a checked signature algorithm.
 *
 * <p>A {@code null} argument is replaced by a fresh {@code JwsHeaders}. When the
 * headers already name an algorithm, its JWA name is passed to
 * {@code checkAlgorithm}; otherwise this provider's {@code algorithm} is checked
 * and written into the headers.
 * NOTE(review): whether {@code checkAlgorithm} rejects a caller-supplied
 * algorithm that differs from the provider's own is not visible here - confirm,
 * since that check is what stops the header from selecting the algorithm.
 *
 * @param headers the headers to complete, or {@code null}
 * @return the same headers instance, or a new one when {@code headers} was null
 */
protected JwsHeaders prepareHeaders(JwsHeaders headers) {
    final JwsHeaders effectiveHeaders = headers != null ? headers : new JwsHeaders();
    final SignatureAlgorithm declared = effectiveHeaders.getSignatureAlgorithm();
    if (declared == null) {
        // Nothing declared: fall back to the provider's configured algorithm.
        checkAlgorithm(algorithm.getJwaName());
        effectiveHeaders.setSignatureAlgorithm(algorithm);
        return effectiveHeaders;
    }
    checkAlgorithm(declared.getJwaName());
    return effectiveHeaders;
}
Also used : SignatureAlgorithm(org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm)

Example 10 with SignatureAlgorithm

use of org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm in project cxf by apache.

the class JwsCompactProducer method checkAlgorithm.

/**
 * Ensures an algorithm is set before signing, filling it in from the outbound
 * signature properties when the headers do not name one.
 *
 * <p>Only a missing algorithm is rejected here; any non-null value passes.
 * NOTE(review): if {@code getAlgorithm()} can return
 * {@code SignatureAlgorithm.NONE}, this check will not stop it - confirm that
 * unsigned output is rejected elsewhere where it is not intended.
 *
 * @throws JwsException with {@code JwsException.Error.INVALID_ALGORITHM} when no
 *         algorithm is set and none could be resolved from the properties
 */
private void checkAlgorithm() {
    if (getAlgorithm() != null) {
        return;
    }
    final Properties outProperties = JwsUtils.loadSignatureOutProperties(false);
    final Message currentMessage = PhaseInterceptorChain.getCurrentMessage();
    final SignatureAlgorithm configured =
        JwsUtils.getSignatureAlgorithm(currentMessage, outProperties, null, null);
    if (configured != null) {
        getJwsHeaders().setSignatureAlgorithm(configured);
    }
    // Re-read through the accessor so the decision is made on the value the
    // headers actually report after the update above.
    if (getAlgorithm() == null) {
        throw new JwsException(JwsException.Error.INVALID_ALGORITHM);
    }
}
Also used : Message(org.apache.cxf.message.Message) SignatureAlgorithm(org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm) Properties(java.util.Properties)

Aggregations

SignatureAlgorithm (org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm)12 Properties (java.util.Properties)3 ArrayList (java.util.ArrayList)2 List (java.util.List)2 Message (org.apache.cxf.message.Message)2 JsonWebKey (org.apache.cxf.rs.security.jose.jwk.JsonWebKey)2 KeyType (org.apache.cxf.rs.security.jose.jwk.KeyType)2 PrivateKey (java.security.PrivateKey)1 X509Certificate (java.security.cert.X509Certificate)1 ECPrivateKey (java.security.interfaces.ECPrivateKey)1 RSAPrivateKey (java.security.interfaces.RSAPrivateKey)1 HashMap (java.util.HashMap)1 JwtToken (org.apache.cxf.rs.security.jose.jwt.JwtToken)1 OAuthJoseJwtProducer (org.apache.cxf.rs.security.oauth2.provider.OAuthJoseJwtProducer)1 OAuthServiceException (org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException)1