use of org.apache.cxf.rs.security.jose.jwe.JweCompactConsumer in project cxf by apache.
the class JsonWebKeyTest method testEncryptDecryptPrivateKey.
@Test
public void testEncryptDecryptPrivateKey() throws Exception {
final String password = "Thus from my lips, by yours, my sin is purged.";
final String key = "{\"kty\":\"oct\"," + "\"alg\":\"A128KW\"," + "\"k\":\"GawgguFyGrWKav7AX4VKUg\"," + "\"kid\":\"AesWrapKey\"}";
Security.addProvider(new BouncyCastleProvider());
try {
JsonWebKey jwk = readKey(key);
validateSecretAesKey(jwk);
String encryptedKey = JwkUtils.encryptJwkKey(jwk, password.toCharArray());
JweCompactConsumer c = new JweCompactConsumer(encryptedKey);
assertEquals("jwk+json", c.getJweHeaders().getContentType());
assertEquals(KeyAlgorithm.PBES2_HS256_A128KW, c.getJweHeaders().getKeyEncryptionAlgorithm());
assertEquals(ContentAlgorithm.A128CBC_HS256, c.getJweHeaders().getContentEncryptionAlgorithm());
assertNotNull(c.getJweHeaders().getHeader("p2s"));
assertNotNull(c.getJweHeaders().getHeader("p2c"));
jwk = JwkUtils.decryptJwkKey(encryptedKey, password.toCharArray());
validateSecretAesKey(jwk);
} finally {
Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
}
}
use of org.apache.cxf.rs.security.jose.jwe.JweCompactConsumer in project cxf by apache.
the class JoseConsumer method getData.
public String getData(String data) {
super.checkProcessRequirements();
if (isJweRequired()) {
JweCompactConsumer jweConsumer = new JweCompactConsumer(data);
JweDecryptionProvider theDecryptor = getInitializedDecryptionProvider(jweConsumer.getJweHeaders());
if (theDecryptor == null) {
throw new JwtException("Unable to decrypt JWT");
}
if (!isJwsRequired()) {
return jweConsumer.getDecryptedContentText(theDecryptor);
}
JweDecryptionOutput decOutput = theDecryptor.decrypt(data);
data = decOutput.getContentText();
}
JwsCompactConsumer jwsConsumer = new JwsCompactConsumer(data);
if (isJwsRequired()) {
JwsSignatureVerifier theSigVerifier = getInitializedSignatureVerifier(jwsConsumer.getJwsHeaders());
if (theSigVerifier == null) {
throw new JwtException("Unable to validate JWT");
}
if (!jwsConsumer.verifySignatureWith(theSigVerifier)) {
throw new JwtException("Invalid Signature");
}
}
return jwsConsumer.getDecodedJwsPayload();
}
use of org.apache.cxf.rs.security.jose.jwe.JweCompactConsumer in project cxf by apache.
the class AbstractJweDecryptingFilter method decrypt.
protected JweDecryptionOutput decrypt(InputStream is) throws IOException {
JweCompactConsumer jwe = new JweCompactConsumer(new String(IOUtils.readBytesFromStream(is), StandardCharsets.UTF_8));
JweDecryptionProvider theDecryptor = getInitializedDecryptionProvider(jwe.getJweHeaders());
JweDecryptionOutput out = new JweDecryptionOutput(jwe.getJweHeaders(), jwe.getDecryptedContent(theDecryptor));
JoseUtils.traceHeaders(out.getHeaders());
validateHeaders(out.getHeaders());
return out;
}
use of org.apache.cxf.rs.security.jose.jwe.JweCompactConsumer in project cxf by apache.
the class JsonWebKeyTest method testEncryptDecryptPrivateSet.
@Test
public void testEncryptDecryptPrivateSet() throws Exception {
final String password = "Thus from my lips, by yours, my sin is purged.";
Security.addProvider(new BouncyCastleProvider());
try {
JsonWebKeys jwks = readKeySet("jwkPrivateSet.txt");
validatePrivateSet(jwks);
String encryptedKeySet = JwkUtils.encryptJwkSet(jwks, password.toCharArray());
JweCompactConsumer c = new JweCompactConsumer(encryptedKeySet);
assertEquals("jwk-set+json", c.getJweHeaders().getContentType());
assertEquals(KeyAlgorithm.PBES2_HS256_A128KW, c.getJweHeaders().getKeyEncryptionAlgorithm());
assertEquals(ContentAlgorithm.A128CBC_HS256, c.getJweHeaders().getContentEncryptionAlgorithm());
assertNotNull(c.getJweHeaders().getHeader("p2s"));
assertNotNull(c.getJweHeaders().getHeader("p2c"));
jwks = JwkUtils.decryptJwkSet(encryptedKeySet, password.toCharArray());
validatePrivateSet(jwks);
} finally {
Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
}
}
Aggregations