use of org.apache.cxf.rs.security.jose.jwe.JweDecryptionOutput in project cxf by apache.
the class JoseJwtConsumer method getJwtToken.
/**
 * Turns a serialized token into a {@link JwtToken}, decrypting it and/or checking its
 * signature depending on {@code isJweRequired()} and {@code isJwsRequired()}.
 *
 * <p>Processing order: the process requirements are checked, an encrypted token is
 * decrypted, the (inner) JWS is parsed, its signature is verified when required, and
 * finally {@code validateToken} is called on the result.
 *
 * @param wrappedJwtToken the serialized token; handed to {@code JweJwtCompactConsumer} when
 *        JWE is required, otherwise to {@code JwsJwtCompactConsumer}
 * @param theDecryptor decryption provider to use; when {@code null} one is obtained from
 *        {@code getInitializedDecryptionProvider} using the token's JWE headers
 * @param theSigVerifier signature verifier to use; when {@code null} one is obtained from
 *        {@code getInitializedSignatureVerifier} using the parsed token
 * @return the parsed token
 * @throws JwtException if no decryption provider or signature verifier can be obtained, or
 *         if signature verification fails
 */
public JwtToken getJwtToken(String wrappedJwtToken, JweDecryptionProvider theDecryptor, JwsSignatureVerifier theSigVerifier) {
    super.checkProcessRequirements();

    JweHeaders encryptionHeaders = new JweHeaders();
    String jwsText = wrappedJwtToken;
    if (isJweRequired()) {
        JweJwtCompactConsumer encryptedConsumer = new JweJwtCompactConsumer(wrappedJwtToken);
        JweDecryptionProvider decryptor = theDecryptor;
        if (decryptor == null) {
            decryptor = getInitializedDecryptionProvider(encryptedConsumer.getHeaders());
            if (decryptor == null) {
                throw new JwtException("Unable to decrypt JWT");
            }
        }
        if (!isJwsRequired()) {
            // NOTE(review): this encrypted-only path returns without calling validateToken(),
            // unlike the path below. Confirm that claim validation for encrypted-only tokens
            // happens elsewhere, or that skipping it here is intended.
            return encryptedConsumer.decryptWith(decryptor);
        }
        // The decrypted content is the nested JWS; keep the JWE headers for the final token.
        JweDecryptionOutput decrypted = decryptor.decrypt(wrappedJwtToken);
        jwsText = decrypted.getContentText();
        encryptionHeaders = decrypted.getHeaders();
    }

    // Headers and claims are parsed before the signature is checked; nothing read from them
    // is verified until verifySignatureWith() below has succeeded.
    JwsJwtCompactConsumer signedConsumer = new JwsJwtCompactConsumer(jwsText);
    JwtToken parsed = signedConsumer.getJwtToken();
    // Carry the encryption headers along with the JWS headers and the claims.
    JwtToken jwt = new JwtToken(parsed.getJwsHeaders(), encryptionHeaders, parsed.getClaims());

    if (isJwsRequired()) {
        JwsSignatureVerifier verifier = theSigVerifier;
        if (verifier == null) {
            // NOTE(review): the verifier is looked up from the not-yet-verified token; confirm
            // the lookup pins the expected algorithm and key rather than trusting the headers.
            verifier = getInitializedSignatureVerifier(jwt);
            if (verifier == null) {
                throw new JwtException("Unable to validate JWT");
            }
        }
        if (!signedConsumer.verifySignatureWith(verifier)) {
            throw new JwtException("Invalid Signature");
        }
    }

    validateToken(jwt);
    return jwt;
}
use of org.apache.cxf.rs.security.jose.jwe.JweDecryptionOutput in project cxf by apache.
the class JoseConsumer method getData.
/**
 * Extracts the protected payload from {@code data}, decrypting it and/or verifying its
 * signature depending on {@code isJweRequired()} and {@code isJwsRequired()}.
 *
 * <p>When JWE is required but JWS is not, the decrypted content text is returned directly.
 * When JWS is not required, the decoded JWS payload is returned without any signature check.
 *
 * @param data the serialized JWE or JWS input
 * @return the decrypted content text, or the decoded JWS payload
 * @throws JwtException if no decryption provider or signature verifier can be obtained, or
 *         if signature verification fails
 */
public String getData(String data) {
    super.checkProcessRequirements();

    String jwsText = data;
    if (isJweRequired()) {
        JweCompactConsumer encryptedConsumer = new JweCompactConsumer(data);
        JweDecryptionProvider decryptor = getInitializedDecryptionProvider(encryptedConsumer.getJweHeaders());
        if (decryptor == null) {
            throw new JwtException("Unable to decrypt JWT");
        }
        if (!isJwsRequired()) {
            // Encrypted-only input: the plaintext is the result.
            return encryptedConsumer.getDecryptedContentText(decryptor);
        }
        // Encrypted and signed: the plaintext is the nested JWS processed below.
        JweDecryptionOutput decrypted = decryptor.decrypt(data);
        jwsText = decrypted.getContentText();
    }

    JwsCompactConsumer signedConsumer = new JwsCompactConsumer(jwsText);
    if (isJwsRequired()) {
        // NOTE(review): the verifier is looked up from headers that are not yet verified;
        // confirm the lookup pins the expected algorithm and key.
        JwsSignatureVerifier verifier = getInitializedSignatureVerifier(signedConsumer.getJwsHeaders());
        if (verifier == null) {
            throw new JwtException("Unable to validate JWT");
        }
        boolean signatureOk = signedConsumer.verifySignatureWith(verifier);
        if (!signatureOk) {
            throw new JwtException("Invalid Signature");
        }
    }
    return signedConsumer.getDecodedJwsPayload();
}
use of org.apache.cxf.rs.security.jose.jwe.JweDecryptionOutput in project cxf by apache.
the class JWTTokenProviderTest method testCreateUnsignedEncryptedCBCJWT.
/**
 * Creates an unsigned token encrypted with A128CBC-HS256 and, when
 * {@code unrestrictedPoliciesInstalled} is set, decrypts it again and checks its claims.
 *
 * <p>The BouncyCastle provider is registered for the duration of the test and removed in
 * the {@code finally} block. When {@code unrestrictedPoliciesInstalled} is false only the
 * shape of the token (five dot-separated parts) is checked.
 */
@org.junit.Test
public void testCreateUnsignedEncryptedCBCJWT() throws Exception {
    try {
        Security.addProvider(new BouncyCastleProvider());

        JWTTokenProvider concreteProvider = new JWTTokenProvider();
        TokenProvider jwtTokenProvider = concreteProvider;
        concreteProvider.setSignToken(false);

        TokenProviderParameters providerParameters = createProviderParameters();
        providerParameters.setEncryptToken(true);
        providerParameters.getEncryptionProperties().setEncryptionAlgorithm(ContentAlgorithm.A128CBC_HS256.name());

        assertTrue(jwtTokenProvider.canHandleToken(JWTTokenProvider.JWT_TOKEN_TYPE));
        TokenProviderResponse providerResponse = jwtTokenProvider.createToken(providerParameters);
        assertNotNull(providerResponse);
        assertNotNull(providerResponse.getToken());
        assertNotNull(providerResponse.getTokenId());

        String token = (String) providerResponse.getToken();
        assertNotNull(token);
        // Five dot-separated parts are expected for the encrypted token.
        Assert.assertEquals(5, token.split("\\.").length);

        if (unrestrictedPoliciesInstalled) {
            // Decrypt the token again and compare its claims with the provider response.
            JweJwtCompactConsumer encryptedConsumer = new JweJwtCompactConsumer(token);

            Crypto decryptionCrypto = CryptoFactory.getInstance(getDecryptionProperties());
            KeyStore keystore = ((Merlin) decryptionCrypto).getKeyStore();

            // Key store alias and key password below are literals used by this test only.
            Properties decProperties = new Properties();
            decProperties.put(JoseConstants.RSSEC_KEY_STORE, keystore);
            decProperties.put(JoseConstants.RSSEC_KEY_STORE_ALIAS, "myservicekey");
            decProperties.put(JoseConstants.RSSEC_KEY_PSWD, "skpass");
            decProperties.put(JoseConstants.RSSEC_ENCRYPTION_CONTENT_ALGORITHM, ContentAlgorithm.A128CBC_HS256.name());

            JweDecryptionProvider decProvider = JweUtils.loadDecryptionProvider(decProperties, encryptedConsumer.getHeaders());
            JweDecryptionOutput decOutput = decProvider.decrypt(token);
            String plainToken = decOutput.getContentText();

            JwtToken jwt = new JwsJwtCompactConsumer(plainToken).getJwtToken();
            Assert.assertEquals("alice", jwt.getClaim(JwtConstants.CLAIM_SUBJECT));
            Assert.assertEquals(providerResponse.getTokenId(), jwt.getClaim(JwtConstants.CLAIM_JWT_ID));
            Assert.assertEquals(providerResponse.getCreated().getEpochSecond(), jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT));
            Assert.assertEquals(providerResponse.getExpires().getEpochSecond(), jwt.getClaim(JwtConstants.CLAIM_EXPIRY));
        }
    } finally {
        // Unregister the provider so the JVM-wide provider list is restored for other tests.
        Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
    }
}
use of org.apache.cxf.rs.security.jose.jwe.JweDecryptionOutput in project cxf by apache.
the class AbstractJweDecryptingFilter method decrypt.
/**
 * Reads a JWE from the stream, decrypts it and returns the headers together with the
 * decrypted content.
 *
 * <p>The whole stream is read into memory and decoded as UTF-8 before parsing. The JWE
 * headers are traced and passed to {@code validateHeaders} only after the content has
 * been decrypted.
 *
 * @param is stream holding the serialized JWE
 * @return the JWE headers and the decrypted content
 * @throws IOException declared for failures while reading the stream
 */
protected JweDecryptionOutput decrypt(InputStream is) throws IOException {
    byte[] rawInput = IOUtils.readBytesFromStream(is);
    String serializedJwe = new String(rawInput, StandardCharsets.UTF_8);
    JweCompactConsumer consumer = new JweCompactConsumer(serializedJwe);

    // NOTE(review): the provider is used without a null check; confirm that
    // getInitializedDecryptionProvider cannot return null in this class.
    JweDecryptionProvider decryptor = getInitializedDecryptionProvider(consumer.getJweHeaders());

    JweDecryptionOutput result =
        new JweDecryptionOutput(consumer.getJweHeaders(), consumer.getDecryptedContent(decryptor));

    JoseUtils.traceHeaders(result.getHeaders());
    validateHeaders(result.getHeaders());
    return result;
}
use of org.apache.cxf.rs.security.jose.jwe.JweDecryptionOutput in project cxf by apache.
the class JweContainerRequestFilter method filter.
/**
 * Replaces the JWE-protected request entity with its decrypted content.
 *
 * <p>Requests whose method carries no content are skipped, as are requests without an
 * entity when {@code isCheckEmptyStream()} is enabled. Otherwise the entity is decrypted,
 * the entity stream and {@code Content-Length} are replaced with the plaintext, and
 * {@code Content-Type} is set when {@code JoseUtils.checkContentType} returns a value for
 * the content type carried in the JWE headers. HTTP header validation against the JWE
 * headers runs last, and only when {@code isValidateHttpHeaders()} is enabled.
 *
 * @param context the request being filtered
 * @throws IOException if decrypting the entity stream fails with an I/O error
 */
@Override
public void filter(ContainerRequestContext context) throws IOException {
    if (isMethodWithNoContent(context.getMethod())) {
        return;
    }
    if (isCheckEmptyStream() && !context.hasEntity()) {
        return;
    }

    // The decrypted entity is held fully in memory before being re-exposed as a stream.
    JweDecryptionOutput decrypted = decrypt(context.getEntityStream());
    byte[] plaintext = decrypted.getContent();
    context.setEntityStream(new ByteArrayInputStream(plaintext));
    context.getHeaders().putSingle("Content-Length", Integer.toString(plaintext.length));

    // The content type comes from the JWE headers, with the default media type passed
    // alongside it to checkContentType.
    String contentType =
        JoseUtils.checkContentType(decrypted.getHeaders().getContentType(), getDefaultMediaType());
    if (ct(contentType)) {
        context.getHeaders().putSingle("Content-Type", contentType);
    }

    if (super.isValidateHttpHeaders()) {
        super.validateHttpHeadersIfNeeded(context.getHeaders(), decrypted.getHeaders());
    }
}

/** Tells whether a content type value was resolved. */
private static boolean ct(String value) {
    return value != null;
}