use of org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider in project cxf by apache.
the class BookStore method getRecipientText.
/**
 * Decrypts the JWE JSON content held by {@code consumer} for a single recipient.
 *
 * <p>The recipient key is selected by {@code recipientKid} from the JWK set that the
 * properties at {@code recipientPropLoc} point to, and the content encryption algorithm
 * is read from those same properties.
 *
 * @param consumer         consumer wrapping the JWE JSON document to decrypt
 * @param recipientPropLoc location of the recipient's JWE properties
 * @param recipientKid     key id used both to pick the JWK and to match the recipient entry
 * @return the decrypted content as text
 */
private String getRecipientText(JweJsonConsumer consumer, String recipientPropLoc, String recipientKid) {
    Message currentMessage = JAXRSUtils.getCurrentMessage();
    Properties props = JweUtils.loadJweProperties(currentMessage, recipientPropLoc);
    // NOTE(review): the lookup result is used without a check; presumably getKey yields
    // null for a kid that is not in the set - confirm how the provider factory reacts.
    JsonWebKey key = JwkUtils.loadJwkSet(currentMessage, props, null).getKey(recipientKid);
    // The content algorithm is taken from the locally loaded properties.
    JweDecryptionProvider decryptor =
        JweUtils.createJweDecryptionProvider(key, JweUtils.getContentEncryptionAlgorithm(props));
    // Only the recipient entry whose "kid" header equals recipientKid is decrypted.
    return consumer
        .decryptWith(decryptor, Collections.singletonMap("kid", recipientKid))
        .getContentText();
}
use of org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider in project cxf by apache.
the class AbstractJweJsonDecryptingFilter method decrypt.
/**
 * Reads a JWE JSON document from the stream, decrypts the entry that matches the
 * configured recipient and records the consumer and the entry on the current message.
 *
 * @param is stream carrying the UTF-8 encoded JWE JSON document
 * @return the decryption output for the matched recipient entry
 * @throws IOException if the stream cannot be read
 * @throws JweException with {@code INVALID_JSON_JWE} when no recipient entry matches
 */
protected JweDecryptionOutput decrypt(InputStream is) throws IOException {
    // The whole body is buffered before parsing.
    // NOTE(review): no size limit is visible here - confirm one is enforced upstream.
    byte[] rawBody = IOUtils.readBytesFromStream(is);
    JweJsonConsumer consumer = new JweJsonConsumer(new String(rawBody, StandardCharsets.UTF_8));
    // The provider is initialised from the document's protected header.
    JweDecryptionProvider provider = getInitializedDecryptionProvider(consumer.getProtectedHeader());
    JweJsonEncryptionEntry recipientEntry = consumer.getJweDecryptionEntry(provider, recipientProperties);
    if (recipientEntry != null) {
        JweDecryptionOutput decrypted = consumer.decryptWith(provider, recipientEntry);
        // Stored on the message only after decryption has succeeded.
        JAXRSUtils.getCurrentMessage().put(JweJsonConsumer.class, consumer);
        JAXRSUtils.getCurrentMessage().put(JweJsonEncryptionEntry.class, recipientEntry);
        return decrypted;
    }
    // No entry could be matched to this recipient: reject the document.
    throw new JweException(JweException.Error.INVALID_JSON_JWE);
}
use of org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider in project cxf by apache.
the class JWTTokenProviderTest method testCreateSignedEncryptedJWT.
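/**
 * Checks that the provider issues an encrypted JWT in JWE compact form and, when
 * {@code unrestrictedPoliciesInstalled} is set, that the decrypted token carries the
 * expected subject, id, issued-at and expiry claims.
 */
@org.junit.Test
public void testCreateSignedEncryptedJWT() throws Exception {
    TokenProvider jwtTokenProvider = new JWTTokenProvider();
    TokenProviderParameters providerParameters = createProviderParameters();
    providerParameters.setEncryptToken(true);
    assertTrue(jwtTokenProvider.canHandleToken(JWTTokenProvider.JWT_TOKEN_TYPE));

    TokenProviderResponse providerResponse = jwtTokenProvider.createToken(providerParameters);
    // Dedicated null assertions name the failing value instead of a bare "false".
    assertNotNull(providerResponse);
    assertNotNull(providerResponse.getToken());
    assertNotNull(providerResponse.getTokenId());

    String token = (String) providerResponse.getToken();
    // JWE compact serialization has five dot-separated parts; assertEquals reports the
    // actual count when the token has a different shape.
    Assert.assertEquals(5, token.split("\\.").length);

    // NOTE(review): when this flag is false the decryption checks below are skipped
    // silently and the test still passes.
    if (unrestrictedPoliciesInstalled) {
        // Validate the token
        JweJwtCompactConsumer jwtConsumer = new JweJwtCompactConsumer(token);
        Crypto decryptionCrypto = CryptoFactory.getInstance(getDecryptionProperties());
        KeyStore keystore = ((Merlin) decryptionCrypto).getKeyStore();

        // Alias and password are literals; presumably they belong to the test keystore only.
        Properties decProperties = new Properties();
        decProperties.put(JoseConstants.RSSEC_KEY_STORE, keystore);
        decProperties.put(JoseConstants.RSSEC_KEY_STORE_ALIAS, "myservicekey");
        decProperties.put(JoseConstants.RSSEC_KEY_PSWD, "skpass");

        JweDecryptionProvider decProvider =
            JweUtils.loadDecryptionProvider(decProperties, jwtConsumer.getHeaders());
        String decToken = decProvider.decrypt(token).getContentText();

        // NOTE(review): the inner JWS is parsed and its claims are compared, but no
        // signature verification call appears in this test.
        JwsJwtCompactConsumer jwtJwsConsumer = new JwsJwtCompactConsumer(decToken);
        JwtToken jwt = jwtJwsConsumer.getJwtToken();
        Assert.assertEquals("alice", jwt.getClaim(JwtConstants.CLAIM_SUBJECT));
        Assert.assertEquals(providerResponse.getTokenId(), jwt.getClaim(JwtConstants.CLAIM_JWT_ID));
        Assert.assertEquals(providerResponse.getCreated().getEpochSecond(), jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT));
        Assert.assertEquals(providerResponse.getExpires().getEpochSecond(), jwt.getClaim(JwtConstants.CLAIM_EXPIRY));
    }
}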
use of org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider in project cxf by apache.
the class JWTTokenProviderTest method testCreateUnsignedEncryptedJWT.
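/**
 * Checks that the provider, with signing switched off, still issues an encrypted JWT in
 * JWE compact form and, when {@code unrestrictedPoliciesInstalled} is set, that the
 * decrypted token carries the expected subject, id, issued-at and expiry claims.
 */
@org.junit.Test
public void testCreateUnsignedEncryptedJWT() throws Exception {
    // Declared with the concrete type so setSignToken needs no cast.
    JWTTokenProvider jwtTokenProvider = new JWTTokenProvider();
    jwtTokenProvider.setSignToken(false);
    TokenProviderParameters providerParameters = createProviderParameters();
    providerParameters.setEncryptToken(true);
    assertTrue(jwtTokenProvider.canHandleToken(JWTTokenProvider.JWT_TOKEN_TYPE));

    TokenProviderResponse providerResponse = jwtTokenProvider.createToken(providerParameters);
    // Dedicated null assertions name the failing value instead of a bare "false".
    assertNotNull(providerResponse);
    assertNotNull(providerResponse.getToken());
    assertNotNull(providerResponse.getTokenId());

    String token = (String) providerResponse.getToken();
    // JWE compact serialization has five dot-separated parts; assertEquals reports the
    // actual count when the token has a different shape.
    Assert.assertEquals(5, token.split("\\.").length);

    // NOTE(review): when this flag is false the decryption checks below are skipped
    // silently and the test still passes.
    if (unrestrictedPoliciesInstalled) {
        // Validate the token
        JweJwtCompactConsumer jwtConsumer = new JweJwtCompactConsumer(token);
        Crypto decryptionCrypto = CryptoFactory.getInstance(getDecryptionProperties());
        KeyStore keystore = ((Merlin) decryptionCrypto).getKeyStore();

        // Alias and password are literals; presumably they belong to the test keystore only.
        Properties decProperties = new Properties();
        decProperties.put(JoseConstants.RSSEC_KEY_STORE, keystore);
        decProperties.put(JoseConstants.RSSEC_KEY_STORE_ALIAS, "myservicekey");
        decProperties.put(JoseConstants.RSSEC_KEY_PSWD, "skpass");

        JweDecryptionProvider decProvider =
            JweUtils.loadDecryptionProvider(decProperties, jwtConsumer.getHeaders());
        String decToken = decProvider.decrypt(token).getContentText();

        // Signing was disabled above, so the inner token is only parsed here; its claims
        // are protected by the encryption layer alone.
        JwsJwtCompactConsumer jwtJwsConsumer = new JwsJwtCompactConsumer(decToken);
        JwtToken jwt = jwtJwsConsumer.getJwtToken();
        Assert.assertEquals("alice", jwt.getClaim(JwtConstants.CLAIM_SUBJECT));
        Assert.assertEquals(providerResponse.getTokenId(), jwt.getClaim(JwtConstants.CLAIM_JWT_ID));
        Assert.assertEquals(providerResponse.getCreated().getEpochSecond(), jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT));
        Assert.assertEquals(providerResponse.getExpires().getEpochSecond(), jwt.getClaim(JwtConstants.CLAIM_EXPIRY));
    }
}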
use of org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider in project cxf by apache.
the class JoseClientCodeStateManager method fromRedirectState.
/**
 * Recovers the client's original request state from the {@code state} value returned on
 * the OAuth redirect.
 *
 * <p>The value is optionally swapped for a session-held token, optionally decrypted, and
 * then required to carry a valid JWS signature before its content is parsed.
 *
 * @param mc            current message context, used for the session lookup
 * @param redirectState parameters received on the redirect
 * @return the restored state as a multivalued map
 * @throws SecurityException if the signature over the state does not verify
 */
@Override
public MultivaluedMap<String, String> fromRedirectState(MessageContext mc, MultivaluedMap<String, String> redirectState) {
    // NOTE(review): this value presumably arrives with the redirect request; a missing
    // "state" parameter is not checked for before it is used below.
    String protectedState = redirectState.getFirst(OAuthConstants.STATE);
    if (storeInSession) {
        // The redirect value is only a handle; the protected state comes from the session.
        protectedState = OAuthUtils.getSessionToken(mc, protectedState);
    }
    // Decryption applies only when a provider is configured.
    JweDecryptionProvider decryptor = getInitializedDecryptionProvider();
    if (decryptor != null) {
        protectedState = decryptor.decrypt(protectedState).getContentText();
    }
    JwsCompactConsumer consumer = new JwsCompactConsumer(protectedState);
    JwsSignatureVerifier verifier = getInitializedSigVerifier();
    // Nothing from the token is parsed as state until the signature has been accepted.
    boolean signatureValid = consumer.verifySignatureWith(verifier);
    if (!signatureValid) {
        throw new SecurityException();
    }
    // NOTE(review): going by its name, getUnsignedEncodedSequence may return the
    // still-encoded signing input rather than the decoded payload - confirm that the
    // JSON reader receives JSON here.
    // CHECKSTYLE:OFF
    Map<String, List<String>> stateMap =
        CastUtils.cast((Map<?, ?>) jsonp.fromJson(consumer.getUnsignedEncodedSequence()));
    return (MultivaluedMap<String, String>) stateMap; // NOPMD
    // CHECKSTYLE:ON
}