Example 1 with JweCompactConsumer
use of org.apache.cxf.rs.security.jose.jwe.JweCompactConsumer in project cxf by apache.
the class JsonWebKeyTest method testEncryptDecryptPrivateKey.
@Test
public void testEncryptDecryptPrivateKey() throws Exception {
final String password = "Thus from my lips, by yours, my sin is purged.";
final String key = "{\"kty\":\"oct\"," + "\"alg\":\"A128KW\"," + "\"k\":\"GawgguFyGrWKav7AX4VKUg\"," + "\"kid\":\"AesWrapKey\"}";
Security.addProvider(new BouncyCastleProvider());
try {
JsonWebKey jwk = readKey(key);
validateSecretAesKey(jwk);
String encryptedKey = JwkUtils.encryptJwkKey(jwk, password.toCharArray());
JweCompactConsumer c = new JweCompactConsumer(encryptedKey);
assertEquals("jwk+json", c.getJweHeaders().getContentType());
assertEquals(KeyAlgorithm.PBES2_HS256_A128KW, c.getJweHeaders().getKeyEncryptionAlgorithm());
assertEquals(ContentAlgorithm.A128CBC_HS256, c.getJweHeaders().getContentEncryptionAlgorithm());
assertNotNull(c.getJweHeaders().getHeader("p2s"));
assertNotNull(c.getJweHeaders().getHeader("p2c"));
jwk = JwkUtils.decryptJwkKey(encryptedKey, password.toCharArray());
validateSecretAesKey(jwk);
} finally {
Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
}
}
Also used :
JweCompactConsumer(org.apache.cxf.rs.security.jose.jwe.JweCompactConsumer)
BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider)
Test(org.junit.Test)
Example 2 with JweCompactConsumer
use of org.apache.cxf.rs.security.jose.jwe.JweCompactConsumer in project cxf by apache.
the class JoseConsumer method getData.
public String getData(String data) {
super.checkProcessRequirements();
if (isJweRequired()) {
JweCompactConsumer jweConsumer = new JweCompactConsumer(data);
JweDecryptionProvider theDecryptor = getInitializedDecryptionProvider(jweConsumer.getJweHeaders());
if (theDecryptor == null) {
throw new JwtException("Unable to decrypt JWT");
}
if (!isJwsRequired()) {
return jweConsumer.getDecryptedContentText(theDecryptor);
}
JweDecryptionOutput decOutput = theDecryptor.decrypt(data);
data = decOutput.getContentText();
}
JwsCompactConsumer jwsConsumer = new JwsCompactConsumer(data);
if (isJwsRequired()) {
JwsSignatureVerifier theSigVerifier = getInitializedSignatureVerifier(jwsConsumer.getJwsHeaders());
if (theSigVerifier == null) {
throw new JwtException("Unable to validate JWT");
}
if (!jwsConsumer.verifySignatureWith(theSigVerifier)) {
throw new JwtException("Invalid Signature");
}
}
return jwsConsumer.getDecodedJwsPayload();
}
Also used :
JwsSignatureVerifier(org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier)
JweDecryptionOutput(org.apache.cxf.rs.security.jose.jwe.JweDecryptionOutput)
JwsCompactConsumer(org.apache.cxf.rs.security.jose.jws.JwsCompactConsumer)
JweCompactConsumer(org.apache.cxf.rs.security.jose.jwe.JweCompactConsumer)
JweDecryptionProvider(org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider)
JwtException(org.apache.cxf.rs.security.jose.jwt.JwtException)
Example 3 with JweCompactConsumer
use of org.apache.cxf.rs.security.jose.jwe.JweCompactConsumer in project cxf by apache.
the class AbstractJweDecryptingFilter method decrypt.
protected JweDecryptionOutput decrypt(InputStream is) throws IOException {
JweCompactConsumer jwe = new JweCompactConsumer(new String(IOUtils.readBytesFromStream(is), StandardCharsets.UTF_8));
JweDecryptionProvider theDecryptor = getInitializedDecryptionProvider(jwe.getJweHeaders());
JweDecryptionOutput out = new JweDecryptionOutput(jwe.getJweHeaders(), jwe.getDecryptedContent(theDecryptor));
JoseUtils.traceHeaders(out.getHeaders());
validateHeaders(out.getHeaders());
return out;
}
Also used :
JweDecryptionOutput(org.apache.cxf.rs.security.jose.jwe.JweDecryptionOutput)
JweCompactConsumer(org.apache.cxf.rs.security.jose.jwe.JweCompactConsumer)
JweDecryptionProvider(org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider)
Example 4 with JweCompactConsumer
use of org.apache.cxf.rs.security.jose.jwe.JweCompactConsumer in project cxf by apache.
the class JsonWebKeyTest method testEncryptDecryptPrivateSet.
@Test
public void testEncryptDecryptPrivateSet() throws Exception {
final String password = "Thus from my lips, by yours, my sin is purged.";
Security.addProvider(new BouncyCastleProvider());
try {
JsonWebKeys jwks = readKeySet("jwkPrivateSet.txt");
validatePrivateSet(jwks);
String encryptedKeySet = JwkUtils.encryptJwkSet(jwks, password.toCharArray());
JweCompactConsumer c = new JweCompactConsumer(encryptedKeySet);
assertEquals("jwk-set+json", c.getJweHeaders().getContentType());
assertEquals(KeyAlgorithm.PBES2_HS256_A128KW, c.getJweHeaders().getKeyEncryptionAlgorithm());
assertEquals(ContentAlgorithm.A128CBC_HS256, c.getJweHeaders().getContentEncryptionAlgorithm());
assertNotNull(c.getJweHeaders().getHeader("p2s"));
assertNotNull(c.getJweHeaders().getHeader("p2c"));
jwks = JwkUtils.decryptJwkSet(encryptedKeySet, password.toCharArray());
validatePrivateSet(jwks);
} finally {
Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
}
}
Also used :
JweCompactConsumer(org.apache.cxf.rs.security.jose.jwe.JweCompactConsumer)
BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider)
Test(org.junit.Test)
Aggregations
JweCompactConsumer (org.apache.cxf.rs.security.jose.jwe.JweCompactConsumer)4
JweDecryptionOutput (org.apache.cxf.rs.security.jose.jwe.JweDecryptionOutput)2
JweDecryptionProvider (org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider)2
BouncyCastleProvider (org.bouncycastle.jce.provider.BouncyCastleProvider)2
Test (org.junit.Test)2
JwsCompactConsumer (org.apache.cxf.rs.security.jose.jws.JwsCompactConsumer)1
JwsSignatureVerifier (org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier)1
JwtException (org.apache.cxf.rs.security.jose.jwt.JwtException)1
