Search in sources :

Example 1 with ContentEncryptionProvider

use of org.apache.cxf.rs.security.jose.jwe.ContentEncryptionProvider in project cxf by apache.

the class AbstractJweJsonWriterProvider method getInitializedEncryptionProviders.

protected List<JweEncryptionProvider> getInitializedEncryptionProviders(List<String> propLocs, JweHeaders sharedProtectedHeaders, List<JweHeaders> perRecipientUnprotectedHeaders) {
    if (encProviders != null) {
        return encProviders;
    }
    // The task is to have a single ContentEncryptionProvider instance,
    // configured to generate CEK only once, paired with all the loaded
    // KeyEncryptionProviders to have JweEncryptionProviders initialized
    Message m = JAXRSUtils.getCurrentMessage();
    // Load all the properties
    List<Properties> propsList = new ArrayList<>(propLocs.size());
    for (int i = 0; i < propLocs.size(); i++) {
        propsList.add(JweUtils.loadJweProperties(m, propLocs.get(i)));
    }
    ContentAlgorithm ctAlgo = null;
    // This set is to find out how many key encryption algorithms are used
    // If only one then save it in the shared protected headers as opposed to
    // per-recipient specific not protected ones
    Set<KeyAlgorithm> keyAlgos = new HashSet<>();
    List<KeyEncryptionProvider> keyProviders = new LinkedList<>();
    for (int i = 0; i < propLocs.size(); i++) {
        Properties props = propsList.get(i);
        ContentAlgorithm currentCtAlgo = JweUtils.getContentEncryptionAlgorithm(m, props, ContentAlgorithm.A128GCM);
        if (ctAlgo == null) {
            ctAlgo = currentCtAlgo;
        } else if (currentCtAlgo != null && !ctAlgo.equals(currentCtAlgo)) {
            // ctAlgo must be the same for all the recipients
            throw new JweException(JweException.Error.INVALID_CONTENT_ALGORITHM);
        }
        JweHeaders perRecipientUnprotectedHeader = perRecipientUnprotectedHeaders.get(i);
        KeyEncryptionProvider keyEncryptionProvider = JweUtils.loadKeyEncryptionProvider(props, m, perRecipientUnprotectedHeader);
        if (keyEncryptionProvider.getAlgorithm() == KeyAlgorithm.DIRECT && propLocs.size() > 1) {
            throw new JweException(JweException.Error.INVALID_JSON_JWE);
        }
        keyProviders.add(keyEncryptionProvider);
        keyAlgos.add(perRecipientUnprotectedHeader.getKeyEncryptionAlgorithm());
    }
    if (ctAlgo == null) {
        throw new JweException(JweException.Error.INVALID_CONTENT_ALGORITHM);
    }
    sharedProtectedHeaders.setContentEncryptionAlgorithm(ctAlgo);
    List<JweEncryptionProvider> theEncProviders = new LinkedList<>();
    if (keyProviders.size() == 1 && keyProviders.get(0).getAlgorithm() == KeyAlgorithm.DIRECT) {
        JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, propsList.get(0), KeyOperation.ENCRYPT);
        if (jwk != null) {
            ContentEncryptionProvider ctProvider = JweUtils.getContentEncryptionProvider(jwk, ctAlgo);
            JweEncryptionProvider encProvider = new JweEncryption(keyProviders.get(0), ctProvider);
            theEncProviders.add(encProvider);
        }
    } else {
        ContentEncryptionProvider ctProvider = JweUtils.getContentEncryptionProvider(ctAlgo, true);
        for (int i = 0; i < keyProviders.size(); i++) {
            JweEncryptionProvider encProvider = new JweEncryption(keyProviders.get(i), ctProvider);
            theEncProviders.add(encProvider);
        }
    }
    if (keyAlgos.size() == 1) {
        sharedProtectedHeaders.setKeyEncryptionAlgorithm(keyAlgos.iterator().next());
        for (int i = 0; i < perRecipientUnprotectedHeaders.size(); i++) {
            perRecipientUnprotectedHeaders.get(i).removeProperty(JoseConstants.JWE_HEADER_KEY_ENC_ALGORITHM);
        }
    }
    return theEncProviders;
}
Also used : ContentEncryptionProvider(org.apache.cxf.rs.security.jose.jwe.ContentEncryptionProvider) KeyEncryptionProvider(org.apache.cxf.rs.security.jose.jwe.KeyEncryptionProvider) Message(org.apache.cxf.message.Message) JweEncryptionProvider(org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider) ArrayList(java.util.ArrayList) JsonWebKey(org.apache.cxf.rs.security.jose.jwk.JsonWebKey) Properties(java.util.Properties) JweEncryption(org.apache.cxf.rs.security.jose.jwe.JweEncryption) LinkedList(java.util.LinkedList) KeyAlgorithm(org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm) JweHeaders(org.apache.cxf.rs.security.jose.jwe.JweHeaders) JweException(org.apache.cxf.rs.security.jose.jwe.JweException) ContentAlgorithm(org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm) HashSet(java.util.HashSet)

Aggregations

ArrayList (java.util.ArrayList)1 HashSet (java.util.HashSet)1 LinkedList (java.util.LinkedList)1 Properties (java.util.Properties)1 Message (org.apache.cxf.message.Message)1 ContentAlgorithm (org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm)1 KeyAlgorithm (org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm)1 ContentEncryptionProvider (org.apache.cxf.rs.security.jose.jwe.ContentEncryptionProvider)1 JweEncryption (org.apache.cxf.rs.security.jose.jwe.JweEncryption)1 JweEncryptionProvider (org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider)1 JweException (org.apache.cxf.rs.security.jose.jwe.JweException)1 JweHeaders (org.apache.cxf.rs.security.jose.jwe.JweHeaders)1 KeyEncryptionProvider (org.apache.cxf.rs.security.jose.jwe.KeyEncryptionProvider)1 JsonWebKey (org.apache.cxf.rs.security.jose.jwk.JsonWebKey)1