Example 1 with JweCompactConsumer

Use of org.apache.cxf.rs.security.jose.jwe.JweCompactConsumer in project cxf by apache: class JsonWebKeyTest, method testEncryptDecryptPrivateKey.

@Test
public void testEncryptDecryptPrivateKey() throws Exception {
    final String password = "Thus from my lips, by yours, my sin is purged.";
    final String key = "{\"kty\":\"oct\"," + "\"alg\":\"A128KW\"," + "\"k\":\"GawgguFyGrWKav7AX4VKUg\"," + "\"kid\":\"AesWrapKey\"}";
    Security.addProvider(new BouncyCastleProvider());
    try {
        JsonWebKey jwk = readKey(key);
        validateSecretAesKey(jwk);
        String encryptedKey = JwkUtils.encryptJwkKey(jwk, password.toCharArray());
        // Parse the compact JWE and inspect its headers; nothing is decrypted yet.
        JweCompactConsumer c = new JweCompactConsumer(encryptedKey);
        assertEquals("jwk+json", c.getJweHeaders().getContentType());
        assertEquals(KeyAlgorithm.PBES2_HS256_A128KW, c.getJweHeaders().getKeyEncryptionAlgorithm());
        assertEquals(ContentAlgorithm.A128CBC_HS256, c.getJweHeaders().getContentEncryptionAlgorithm());
        // PBES2 header parameters (RFC 7518): p2s is the salt input, p2c is the iteration count.
        assertNotNull(c.getJweHeaders().getHeader("p2s"));
        assertNotNull(c.getJweHeaders().getHeader("p2c"));
        jwk = JwkUtils.decryptJwkKey(encryptedKey, password.toCharArray());
        validateSecretAesKey(jwk);
    } finally {
        Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
    }
}
Also used: JweCompactConsumer (org.apache.cxf.rs.security.jose.jwe.JweCompactConsumer), BouncyCastleProvider (org.bouncycastle.jce.provider.BouncyCastleProvider), Test (org.junit.Test)

Example 2 with JweCompactConsumer

Use of org.apache.cxf.rs.security.jose.jwe.JweCompactConsumer in project cxf by apache: class JoseConsumer, method getData.

public String getData(String data) {
    super.checkProcessRequirements();
    if (isJweRequired()) {
        // Outer layer: parse the compact JWE and pick a decryptor based on its headers.
        JweCompactConsumer jweConsumer = new JweCompactConsumer(data);
        JweDecryptionProvider theDecryptor = getInitializedDecryptionProvider(jweConsumer.getJweHeaders());
        if (theDecryptor == null) {
            throw new JwtException("Unable to decrypt JWT");
        }
        if (!isJwsRequired()) {
            // JWE only: the decrypted text is returned as the payload.
            return jweConsumer.getDecryptedContentText(theDecryptor);
        }
        // JWE and JWS: the decrypted content is the inner compact JWS.
        JweDecryptionOutput decOutput = theDecryptor.decrypt(data);
        data = decOutput.getContentText();
    }
    JwsCompactConsumer jwsConsumer = new JwsCompactConsumer(data);
    // The signature is verified only when JWS is required.
    if (isJwsRequired()) {
        JwsSignatureVerifier theSigVerifier = getInitializedSignatureVerifier(jwsConsumer.getJwsHeaders());
        if (theSigVerifier == null) {
            throw new JwtException("Unable to validate JWT");
        }
        if (!jwsConsumer.verifySignatureWith(theSigVerifier)) {
            throw new JwtException("Invalid Signature");
        }
    }
    return jwsConsumer.getDecodedJwsPayload();
}
Also used: JwsSignatureVerifier (org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier), JweDecryptionOutput (org.apache.cxf.rs.security.jose.jwe.JweDecryptionOutput), JwsCompactConsumer (org.apache.cxf.rs.security.jose.jws.JwsCompactConsumer), JweCompactConsumer (org.apache.cxf.rs.security.jose.jwe.JweCompactConsumer), JweDecryptionProvider (org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider), JwtException (org.apache.cxf.rs.security.jose.jwt.JwtException)

Example 3 with JweCompactConsumer

Use of org.apache.cxf.rs.security.jose.jwe.JweCompactConsumer in project cxf by apache: class AbstractJweDecryptingFilter, method decrypt.

protected JweDecryptionOutput decrypt(InputStream is) throws IOException {
    JweCompactConsumer jwe = new JweCompactConsumer(new String(IOUtils.readBytesFromStream(is), StandardCharsets.UTF_8));
    JweDecryptionProvider theDecryptor = getInitializedDecryptionProvider(jwe.getJweHeaders());
    JweDecryptionOutput out = new JweDecryptionOutput(jwe.getJweHeaders(), jwe.getDecryptedContent(theDecryptor));
    // Headers are traced and validated after the content has been decrypted.
    JoseUtils.traceHeaders(out.getHeaders());
    validateHeaders(out.getHeaders());
    return out;
}
Also used: JweDecryptionOutput (org.apache.cxf.rs.security.jose.jwe.JweDecryptionOutput), JweCompactConsumer (org.apache.cxf.rs.security.jose.jwe.JweCompactConsumer), JweDecryptionProvider (org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider)

Example 4 with JweCompactConsumer

Use of org.apache.cxf.rs.security.jose.jwe.JweCompactConsumer in project cxf by apache: class JsonWebKeyTest, method testEncryptDecryptPrivateSet.

@Test
public void testEncryptDecryptPrivateSet() throws Exception {
    final String password = "Thus from my lips, by yours, my sin is purged.";
    Security.addProvider(new BouncyCastleProvider());
    try {
        JsonWebKeys jwks = readKeySet("jwkPrivateSet.txt");
        validatePrivateSet(jwks);
        String encryptedKeySet = JwkUtils.encryptJwkSet(jwks, password.toCharArray());
        // Parse the compact JWE and inspect its headers; nothing is decrypted yet.
        JweCompactConsumer c = new JweCompactConsumer(encryptedKeySet);
        assertEquals("jwk-set+json", c.getJweHeaders().getContentType());
        assertEquals(KeyAlgorithm.PBES2_HS256_A128KW, c.getJweHeaders().getKeyEncryptionAlgorithm());
        assertEquals(ContentAlgorithm.A128CBC_HS256, c.getJweHeaders().getContentEncryptionAlgorithm());
        // PBES2 header parameters (RFC 7518): p2s is the salt input, p2c is the iteration count.
        assertNotNull(c.getJweHeaders().getHeader("p2s"));
        assertNotNull(c.getJweHeaders().getHeader("p2c"));
        jwks = JwkUtils.decryptJwkSet(encryptedKeySet, password.toCharArray());
        validatePrivateSet(jwks);
    } finally {
        Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
    }
}
Also used: JweCompactConsumer (org.apache.cxf.rs.security.jose.jwe.JweCompactConsumer), BouncyCastleProvider (org.bouncycastle.jce.provider.BouncyCastleProvider), Test (org.junit.Test)

Aggregations

JweCompactConsumer (org.apache.cxf.rs.security.jose.jwe.JweCompactConsumer): 4
JweDecryptionOutput (org.apache.cxf.rs.security.jose.jwe.JweDecryptionOutput): 2
JweDecryptionProvider (org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider): 2
BouncyCastleProvider (org.bouncycastle.jce.provider.BouncyCastleProvider): 2
Test (org.junit.Test): 2
JwsCompactConsumer (org.apache.cxf.rs.security.jose.jws.JwsCompactConsumer): 1
JwsSignatureVerifier (org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier): 1
JwtException (org.apache.cxf.rs.security.jose.jwt.JwtException): 1