
Example 1 with JweDecryptionOutput

use of org.apache.cxf.rs.security.jose.jwe.JweDecryptionOutput in project cxf by apache.

the class JoseJwtConsumer method getJwtToken.

/**
 * Unwraps a compact JWT, decrypting it and/or verifying its signature depending on
 * {@code isJweRequired()} and {@code isJwsRequired()}.
 *
 * @param wrappedJwtToken the compact token as received
 * @param theDecryptor decryption provider to use; when {@code null}, one is obtained from
 *        {@code getInitializedDecryptionProvider} using the token's JWE headers
 * @param theSigVerifier signature verifier to use; when {@code null}, one is obtained from
 *        {@code getInitializedSignatureVerifier} using the parsed token
 * @return the parsed token; on the signed path it carries the JWS headers, the JWE headers
 *         (empty when no decryption took place) and the claims
 * @throws JwtException if no decryptor or verifier is available, or the signature is invalid
 */
public JwtToken getJwtToken(String wrappedJwtToken, JweDecryptionProvider theDecryptor, JwsSignatureVerifier theSigVerifier) {
    super.checkProcessRequirements();

    String compactJws = wrappedJwtToken;
    JweHeaders encryptionHeaders = new JweHeaders();
    if (isJweRequired()) {
        JweJwtCompactConsumer jweConsumer = new JweJwtCompactConsumer(wrappedJwtToken);
        JweDecryptionProvider decryptor = theDecryptor != null
            ? theDecryptor
            : getInitializedDecryptionProvider(jweConsumer.getHeaders());
        if (decryptor == null) {
            throw new JwtException("Unable to decrypt JWT");
        }
        if (!isJwsRequired()) {
            // NOTE(review): this encrypted-only return is reached before the validateToken(jwt)
            // call at the end of the method, so that hook does not run here. Confirm that
            // decryptWith or the caller performs the claim checks for JWE-only tokens.
            return jweConsumer.decryptWith(decryptor);
        }
        // Nested token: the decrypted content is the compact JWS handled below.
        JweDecryptionOutput decrypted = decryptor.decrypt(wrappedJwtToken);
        compactJws = decrypted.getContentText();
        encryptionHeaders = decrypted.getHeaders();
    }

    JwsJwtCompactConsumer jwsConsumer = new JwsJwtCompactConsumer(compactJws);
    JwtToken parsed = jwsConsumer.getJwtToken();
    // Rebuild the token so that it also carries the encryption headers.
    JwtToken jwt = new JwtToken(parsed.getJwsHeaders(), encryptionHeaders, parsed.getClaims());

    // The claims above are parsed before the signature is checked; nothing is returned
    // to the caller until verification (when required) and validateToken have passed.
    if (isJwsRequired()) {
        JwsSignatureVerifier verifier = theSigVerifier != null
            ? theSigVerifier
            : getInitializedSignatureVerifier(jwt);
        if (verifier == null) {
            throw new JwtException("Unable to validate JWT");
        }
        boolean signatureOk = jwsConsumer.verifySignatureWith(verifier);
        if (!signatureOk) {
            throw new JwtException("Invalid Signature");
        }
    }
    validateToken(jwt);
    return jwt;
}
Also used : JweDecryptionOutput(org.apache.cxf.rs.security.jose.jwe.JweDecryptionOutput) JwsJwtCompactConsumer(org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer) JweJwtCompactConsumer(org.apache.cxf.rs.security.jose.jwe.JweJwtCompactConsumer) JweHeaders(org.apache.cxf.rs.security.jose.jwe.JweHeaders)

Example 2 with JweDecryptionOutput

use of org.apache.cxf.rs.security.jose.jwe.JweDecryptionOutput in project cxf by apache.

the class JoseConsumer method getData.

/**
 * Extracts the payload from compact JOSE data, decrypting it and/or verifying its
 * signature depending on {@code isJweRequired()} and {@code isJwsRequired()}.
 *
 * @param data the compact JWE or JWS string
 * @return the decrypted content text when only encryption is required, otherwise the
 *         decoded JWS payload
 * @throws JwtException if no decryptor or verifier is available, or the signature is invalid
 */
public String getData(String data) {
    super.checkProcessRequirements();

    String compactJws = data;
    if (isJweRequired()) {
        JweCompactConsumer jweConsumer = new JweCompactConsumer(data);
        JweDecryptionProvider decryptor = getInitializedDecryptionProvider(jweConsumer.getJweHeaders());
        if (decryptor == null) {
            throw new JwtException("Unable to decrypt JWT");
        }
        if (!isJwsRequired()) {
            // Encrypted-only data: the decrypted text is the final payload.
            return jweConsumer.getDecryptedContentText(decryptor);
        }
        // Nested case: the decrypted text is a compact JWS that still has to be verified.
        JweDecryptionOutput decrypted = decryptor.decrypt(data);
        compactJws = decrypted.getContentText();
    }

    JwsCompactConsumer jwsConsumer = new JwsCompactConsumer(compactJws);
    if (isJwsRequired()) {
        JwsSignatureVerifier verifier = getInitializedSignatureVerifier(jwsConsumer.getJwsHeaders());
        if (verifier == null) {
            throw new JwtException("Unable to validate JWT");
        }
        boolean signatureOk = jwsConsumer.verifySignatureWith(verifier);
        if (!signatureOk) {
            throw new JwtException("Invalid Signature");
        }
    }
    // NOTE(review): when neither flag is set the payload is returned without any
    // cryptographic check; presumably checkProcessRequirements() rules that out - confirm.
    return jwsConsumer.getDecodedJwsPayload();
}
Also used : JwsSignatureVerifier(org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier) JweDecryptionOutput(org.apache.cxf.rs.security.jose.jwe.JweDecryptionOutput) JwsCompactConsumer(org.apache.cxf.rs.security.jose.jws.JwsCompactConsumer) JweCompactConsumer(org.apache.cxf.rs.security.jose.jwe.JweCompactConsumer) JweDecryptionProvider(org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider) JwtException(org.apache.cxf.rs.security.jose.jwt.JwtException)

Example 3 with JweDecryptionOutput

use of org.apache.cxf.rs.security.jose.jwe.JweDecryptionOutput in project cxf by apache.

the class JWTTokenProviderTest method testCreateUnsignedEncryptedCBCJWT.

/**
 * Issues an encrypted, unsigned JWT using A128CBC-HS256 content encryption and, when
 * {@code unrestrictedPoliciesInstalled} is set, decrypts it again and compares the claims
 * with the values reported in the provider response.
 */
@org.junit.Test
public void testCreateUnsignedEncryptedCBCJWT() throws Exception {
    try {
        // Registers BouncyCastle JVM-wide; the finally block removes it again so that
        // other tests do not see the extra provider.
        Security.addProvider(new BouncyCastleProvider());

        JWTTokenProvider jwtTokenProvider = new JWTTokenProvider();
        jwtTokenProvider.setSignToken(false);

        TokenProviderParameters params = createProviderParameters();
        params.setEncryptToken(true);
        params.getEncryptionProperties().setEncryptionAlgorithm(ContentAlgorithm.A128CBC_HS256.name());

        assertTrue(jwtTokenProvider.canHandleToken(JWTTokenProvider.JWT_TOKEN_TYPE));
        TokenProviderResponse response = jwtTokenProvider.createToken(params);
        assertNotNull(response);
        assertNotNull(response.getToken());
        assertNotNull(response.getTokenId());

        String token = (String) response.getToken();
        assertNotNull(token);
        // A JWE in compact serialization has five dot-separated parts.
        assertTrue(token.split("\\.").length == 5);

        // presumably false when the JCE unlimited-strength policy is missing - confirm
        if (!unrestrictedPoliciesInstalled) {
            return;
        }

        // Validate the token by decrypting it with the service key.
        JweJwtCompactConsumer jweConsumer = new JweJwtCompactConsumer(token);
        Crypto decryptionCrypto = CryptoFactory.getInstance(getDecryptionProperties());
        KeyStore keystore = ((Merlin) decryptionCrypto).getKeyStore();

        // Alias and key password are test-fixture values; they are not meant as a pattern
        // for configuring production keys.
        Properties decProperties = new Properties();
        decProperties.put(JoseConstants.RSSEC_KEY_STORE, keystore);
        decProperties.put(JoseConstants.RSSEC_KEY_STORE_ALIAS, "myservicekey");
        decProperties.put(JoseConstants.RSSEC_KEY_PSWD, "skpass");
        decProperties.put(JoseConstants.RSSEC_ENCRYPTION_CONTENT_ALGORITHM, ContentAlgorithm.A128CBC_HS256.name());

        JweDecryptionProvider decProvider = JweUtils.loadDecryptionProvider(decProperties, jweConsumer.getHeaders());
        JweDecryptionOutput decrypted = decProvider.decrypt(token);

        // The token was issued with signing disabled, so the decrypted content is only
        // parsed here; no signature verification is performed on it.
        JwtToken jwt = new JwsJwtCompactConsumer(decrypted.getContentText()).getJwtToken();

        Assert.assertEquals("alice", jwt.getClaim(JwtConstants.CLAIM_SUBJECT));
        Assert.assertEquals(response.getTokenId(), jwt.getClaim(JwtConstants.CLAIM_JWT_ID));
        Assert.assertEquals(response.getCreated().getEpochSecond(), jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT));
        Assert.assertEquals(response.getExpires().getEpochSecond(), jwt.getClaim(JwtConstants.CLAIM_EXPIRY));
    } finally {
        Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
    }
}
Also used : StaticSTSProperties(org.apache.cxf.sts.StaticSTSProperties) EncryptionProperties(org.apache.cxf.sts.service.EncryptionProperties) SignatureProperties(org.apache.cxf.sts.SignatureProperties) Properties(java.util.Properties) KeyStore(java.security.KeyStore) JwtToken(org.apache.cxf.rs.security.jose.jwt.JwtToken) JWTTokenProvider(org.apache.cxf.sts.token.provider.jwt.JWTTokenProvider) Crypto(org.apache.wss4j.common.crypto.Crypto) JweDecryptionOutput(org.apache.cxf.rs.security.jose.jwe.JweDecryptionOutput) JweDecryptionProvider(org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider) JwsJwtCompactConsumer(org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer) JweJwtCompactConsumer(org.apache.cxf.rs.security.jose.jwe.JweJwtCompactConsumer) Merlin(org.apache.wss4j.common.crypto.Merlin) BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider) JWTTokenProvider(org.apache.cxf.sts.token.provider.jwt.JWTTokenProvider)

Example 4 with JweDecryptionOutput

use of org.apache.cxf.rs.security.jose.jwe.JweDecryptionOutput in project cxf by apache.

the class AbstractJweDecryptingFilter method decrypt.

/**
 * Reads a compact JWE from the stream, decrypts it and returns the headers together
 * with the decrypted content.
 *
 * @param is stream holding the UTF-8 encoded compact JWE
 * @return the JWE headers and decrypted content
 * @throws IOException declared for failures while reading the stream
 */
protected JweDecryptionOutput decrypt(InputStream is) throws IOException {
    // NOTE(review): the whole stream is read into memory and no size limit is visible
    // in this method - confirm that the body size is bounded upstream.
    byte[] rawBody = IOUtils.readBytesFromStream(is);
    String compactJwe = new String(rawBody, StandardCharsets.UTF_8);
    JweCompactConsumer consumer = new JweCompactConsumer(compactJwe);

    // NOTE(review): the provider is not null-checked here; presumably
    // getInitializedDecryptionProvider fails itself when none can be loaded - confirm.
    JweDecryptionProvider decryptor = getInitializedDecryptionProvider(consumer.getJweHeaders());
    JweDecryptionOutput result =
        new JweDecryptionOutput(consumer.getJweHeaders(), consumer.getDecryptedContent(decryptor));

    // Headers are traced and then validated only after the content has been decrypted.
    JoseUtils.traceHeaders(result.getHeaders());
    validateHeaders(result.getHeaders());
    return result;
}
Also used : JweDecryptionOutput(org.apache.cxf.rs.security.jose.jwe.JweDecryptionOutput) JweCompactConsumer(org.apache.cxf.rs.security.jose.jwe.JweCompactConsumer) JweDecryptionProvider(org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider)

Example 5 with JweDecryptionOutput

use of org.apache.cxf.rs.security.jose.jwe.JweDecryptionOutput in project cxf by apache.

the class JweContainerRequestFilter method filter.

/**
 * Replaces the JWE-protected request entity with its decrypted content and updates the
 * Content-Length and, where available, Content-Type request headers to match.
 *
 * @param context the incoming request
 * @throws IOException declared by {@code decrypt} for failures while reading the entity
 */
@Override
public void filter(ContainerRequestContext context) throws IOException {
    // && binds tighter than ||: the empty-entity test only applies when isCheckEmptyStream() is on.
    boolean nothingToDecrypt = isMethodWithNoContent(context.getMethod())
        || (isCheckEmptyStream() && !context.hasEntity());
    if (nothingToDecrypt) {
        return;
    }

    JweDecryptionOutput decrypted = decrypt(context.getEntityStream());
    byte[] plaintext = decrypted.getContent();
    context.setEntityStream(new ByteArrayInputStream(plaintext));
    // The length has to describe the decrypted entity, not the JWE that was received.
    context.getHeaders().putSingle("Content-Length", String.valueOf(plaintext.length));

    // The content type comes from the JWE headers, checked against the default media type.
    String contentType = JoseUtils.checkContentType(decrypted.getHeaders().getContentType(), getDefaultMediaType());
    if (contentType != null) {
        context.getHeaders().putSingle("Content-Type", contentType);
    }

    // NOTE(review): this runs after Content-Length and Content-Type were overwritten above,
    // so the comparison sees the rewritten request headers - confirm that is intended.
    if (super.isValidateHttpHeaders()) {
        super.validateHttpHeadersIfNeeded(context.getHeaders(), decrypted.getHeaders());
    }
}
Also used : JweDecryptionOutput(org.apache.cxf.rs.security.jose.jwe.JweDecryptionOutput) ByteArrayInputStream(java.io.ByteArrayInputStream)
