
Example 6 with JweDecryptionProvider

use of org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider in project cxf by apache.

the class BookStore method getRecipientText.

/**
 * Decrypts the JWE JSON message held by {@code consumer} for a single recipient.
 *
 * <p>Both the recipient key and the content encryption algorithm are taken from the
 * properties loaded from {@code recipientPropLoc}, not from the incoming message.
 *
 * @param consumer parsed JWE JSON message to decrypt
 * @param recipientPropLoc location of the recipient's JWE properties
 * @param recipientKid key id used to pick the JWK and passed to {@code decryptWith}
 *        as the {@code kid} entry
 * @return the decrypted content as text
 */
private String getRecipientText(JweJsonConsumer consumer, String recipientPropLoc, String recipientKid) {
    Message currentMessage = JAXRSUtils.getCurrentMessage();
    Properties props = JweUtils.loadJweProperties(currentMessage, recipientPropLoc);
    // NOTE(review): the lookup result is used without a null check; confirm what getKey
    // returns for an unknown kid and whether the provider factory rejects a missing key.
    JsonWebKey key = JwkUtils.loadJwkSet(currentMessage, props, null).getKey(recipientKid);
    JweDecryptionProvider decryptor =
        JweUtils.createJweDecryptionProvider(key, JweUtils.getContentEncryptionAlgorithm(props));
    // The single-entry map presumably restricts decryption to the recipient whose
    // header carries this kid; verify against JweJsonConsumer.
    return consumer
        .decryptWith(decryptor, Collections.singletonMap("kid", recipientKid))
        .getContentText();
}
Also used : JweDecryptionOutput(org.apache.cxf.rs.security.jose.jwe.JweDecryptionOutput) Message(org.apache.cxf.message.Message) ContentAlgorithm(org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm) JsonWebKey(org.apache.cxf.rs.security.jose.jwk.JsonWebKey) JweDecryptionProvider(org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider) Properties(java.util.Properties)

Example 7 with JweDecryptionProvider

use of org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider in project cxf by apache.

the class AbstractJweJsonDecryptingFilter method decrypt.

/**
 * Reads a JWE JSON document from {@code is} and decrypts the entry matching this filter's
 * provider and recipient properties.
 *
 * <p>On success the parsed consumer and the matched entry are stored on the current message
 * under their class keys. Nothing is stored when decryption throws.
 *
 * @param is stream carrying the serialized JWE JSON document, decoded as UTF-8
 * @return the output of decrypting the matched entry
 * @throws IOException declared for reading the stream
 * @throws JweException with {@code INVALID_JSON_JWE} when no entry matches
 */
protected JweDecryptionOutput decrypt(InputStream is) throws IOException {
    // NOTE(review): the whole body is buffered in memory before parsing; any size limit
    // has to be enforced upstream — confirm one exists for untrusted requests.
    byte[] rawBody = IOUtils.readBytesFromStream(is);
    JweJsonConsumer consumer = new JweJsonConsumer(new String(rawBody, StandardCharsets.UTF_8));
    // The provider is initialised from the document's own protected header, which is still
    // unauthenticated input at this point. NOTE(review): confirm the helper restricts the
    // accepted algorithms to configured ones.
    JweDecryptionProvider provider = getInitializedDecryptionProvider(consumer.getProtectedHeader());
    JweJsonEncryptionEntry matched = consumer.getJweDecryptionEntry(provider, recipientProperties);
    if (matched != null) {
        JweDecryptionOutput result = consumer.decryptWith(provider, matched);
        // Published only after decryption succeeded.
        JAXRSUtils.getCurrentMessage().put(JweJsonConsumer.class, consumer);
        JAXRSUtils.getCurrentMessage().put(JweJsonEncryptionEntry.class, matched);
        return result;
    }
    throw new JweException(JweException.Error.INVALID_JSON_JWE);
}
Also used : JweDecryptionOutput(org.apache.cxf.rs.security.jose.jwe.JweDecryptionOutput) JweException(org.apache.cxf.rs.security.jose.jwe.JweException) JweJsonConsumer(org.apache.cxf.rs.security.jose.jwe.JweJsonConsumer) JweDecryptionProvider(org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider) JweJsonEncryptionEntry(org.apache.cxf.rs.security.jose.jwe.JweJsonEncryptionEntry)

Example 8 with JweDecryptionProvider

use of org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider in project cxf by apache.

the class JWTTokenProviderTest method testCreateSignedEncryptedJWT.

/**
 * Issues an encrypted JWT and checks its shape and, when possible, its claims.
 *
 * <p>The decryption round trip runs only when {@code unrestrictedPoliciesInstalled} is true;
 * otherwise the test stops after checking the five-part compact form.
 */
@org.junit.Test
public void testCreateSignedEncryptedJWT() throws Exception {
    TokenProvider jwtTokenProvider = new JWTTokenProvider();
    TokenProviderParameters params = createProviderParameters();
    params.setEncryptToken(true);
    assertTrue(jwtTokenProvider.canHandleToken(JWTTokenProvider.JWT_TOKEN_TYPE));

    TokenProviderResponse response = jwtTokenProvider.createToken(params);
    assertNotNull(response);
    assertNotNull(response.getToken());
    assertNotNull(response.getTokenId());

    String token = (String) response.getToken();
    assertNotNull(token);
    // A compact JWE has five dot-separated parts.
    Assert.assertEquals(5, token.split("\\.").length);

    if (!unrestrictedPoliciesInstalled) {
        return;
    }

    // Validate the token: decrypt with the service key, then read the inner JWT.
    JweJwtCompactConsumer jweConsumer = new JweJwtCompactConsumer(token);
    Properties jweProps = new Properties();
    Crypto crypto = CryptoFactory.getInstance(getDecryptionProperties());
    KeyStore serviceKeystore = ((Merlin) crypto).getKeyStore();
    jweProps.put(JoseConstants.RSSEC_KEY_STORE, serviceKeystore);
    // Alias and password presumably belong to the test keystore fixture.
    jweProps.put(JoseConstants.RSSEC_KEY_STORE_ALIAS, "myservicekey");
    jweProps.put(JoseConstants.RSSEC_KEY_PSWD, "skpass");
    JweDecryptionProvider decryptor = JweUtils.loadDecryptionProvider(jweProps, jweConsumer.getHeaders());
    String innerJws = decryptor.decrypt(token).getContentText();

    // NOTE(review): the inner JWS is parsed for its claims but its signature is never
    // verified in this test, so a signing regression would go unnoticed; consider adding
    // a verifySignatureWith check against the signing certificate.
    JwsJwtCompactConsumer jwsConsumer = new JwsJwtCompactConsumer(innerJws);
    JwtToken claims = jwsConsumer.getJwtToken();
    Assert.assertEquals("alice", claims.getClaim(JwtConstants.CLAIM_SUBJECT));
    Assert.assertEquals(response.getTokenId(), claims.getClaim(JwtConstants.CLAIM_JWT_ID));
    Assert.assertEquals(response.getCreated().getEpochSecond(), claims.getClaim(JwtConstants.CLAIM_ISSUED_AT));
    Assert.assertEquals(response.getExpires().getEpochSecond(), claims.getClaim(JwtConstants.CLAIM_EXPIRY));
}
Also used : StaticSTSProperties(org.apache.cxf.sts.StaticSTSProperties) EncryptionProperties(org.apache.cxf.sts.service.EncryptionProperties) SignatureProperties(org.apache.cxf.sts.SignatureProperties) Properties(java.util.Properties) KeyStore(java.security.KeyStore) JwtToken(org.apache.cxf.rs.security.jose.jwt.JwtToken) JWTTokenProvider(org.apache.cxf.sts.token.provider.jwt.JWTTokenProvider) Crypto(org.apache.wss4j.common.crypto.Crypto) JweDecryptionOutput(org.apache.cxf.rs.security.jose.jwe.JweDecryptionOutput) JweDecryptionProvider(org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider) JwsJwtCompactConsumer(org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer) JweJwtCompactConsumer(org.apache.cxf.rs.security.jose.jwe.JweJwtCompactConsumer) Merlin(org.apache.wss4j.common.crypto.Merlin) JWTTokenProvider(org.apache.cxf.sts.token.provider.jwt.JWTTokenProvider)

Example 9 with JweDecryptionProvider

use of org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider in project cxf by apache.

the class JWTTokenProviderTest method testCreateUnsignedEncryptedJWT.

/**
 * Issues an encrypted JWT with signing switched off and checks its shape and, when possible,
 * its claims.
 *
 * <p>The decryption round trip runs only when {@code unrestrictedPoliciesInstalled} is true;
 * otherwise the test stops after checking the five-part compact form.
 */
@org.junit.Test
public void testCreateUnsignedEncryptedJWT() throws Exception {
    JWTTokenProvider unsignedProvider = new JWTTokenProvider();
    unsignedProvider.setSignToken(false);
    TokenProvider jwtTokenProvider = unsignedProvider;

    TokenProviderParameters params = createProviderParameters();
    params.setEncryptToken(true);
    assertTrue(jwtTokenProvider.canHandleToken(JWTTokenProvider.JWT_TOKEN_TYPE));

    TokenProviderResponse response = jwtTokenProvider.createToken(params);
    assertNotNull(response);
    assertNotNull(response.getToken());
    assertNotNull(response.getTokenId());

    String token = (String) response.getToken();
    assertNotNull(token);
    // A compact JWE has five dot-separated parts.
    Assert.assertEquals(5, token.split("\\.").length);

    if (!unrestrictedPoliciesInstalled) {
        return;
    }

    // Validate the token: decrypt with the service key, then read the inner JWT.
    JweJwtCompactConsumer jweConsumer = new JweJwtCompactConsumer(token);
    Properties jweProps = new Properties();
    Crypto crypto = CryptoFactory.getInstance(getDecryptionProperties());
    KeyStore serviceKeystore = ((Merlin) crypto).getKeyStore();
    jweProps.put(JoseConstants.RSSEC_KEY_STORE, serviceKeystore);
    // Alias and password presumably belong to the test keystore fixture.
    jweProps.put(JoseConstants.RSSEC_KEY_STORE_ALIAS, "myservicekey");
    jweProps.put(JoseConstants.RSSEC_KEY_PSWD, "skpass");
    JweDecryptionProvider decryptor = JweUtils.loadDecryptionProvider(jweProps, jweConsumer.getHeaders());
    String innerToken = decryptor.decrypt(token).getContentText();

    // Signing is disabled above, so the decrypted payload carries no signature to verify.
    // NOTE(review): the claims below are protected only by the JWE layer; a consumer of
    // such tokens must not treat them as signed.
    JwsJwtCompactConsumer jwsConsumer = new JwsJwtCompactConsumer(innerToken);
    JwtToken claims = jwsConsumer.getJwtToken();
    Assert.assertEquals("alice", claims.getClaim(JwtConstants.CLAIM_SUBJECT));
    Assert.assertEquals(response.getTokenId(), claims.getClaim(JwtConstants.CLAIM_JWT_ID));
    Assert.assertEquals(response.getCreated().getEpochSecond(), claims.getClaim(JwtConstants.CLAIM_ISSUED_AT));
    Assert.assertEquals(response.getExpires().getEpochSecond(), claims.getClaim(JwtConstants.CLAIM_EXPIRY));
}
Also used : StaticSTSProperties(org.apache.cxf.sts.StaticSTSProperties) EncryptionProperties(org.apache.cxf.sts.service.EncryptionProperties) SignatureProperties(org.apache.cxf.sts.SignatureProperties) Properties(java.util.Properties) KeyStore(java.security.KeyStore) JwtToken(org.apache.cxf.rs.security.jose.jwt.JwtToken) JWTTokenProvider(org.apache.cxf.sts.token.provider.jwt.JWTTokenProvider) Crypto(org.apache.wss4j.common.crypto.Crypto) JweDecryptionOutput(org.apache.cxf.rs.security.jose.jwe.JweDecryptionOutput) JweDecryptionProvider(org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider) JwsJwtCompactConsumer(org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer) JweJwtCompactConsumer(org.apache.cxf.rs.security.jose.jwe.JweJwtCompactConsumer) Merlin(org.apache.wss4j.common.crypto.Merlin) JWTTokenProvider(org.apache.cxf.sts.token.provider.jwt.JWTTokenProvider)

Example 10 with JweDecryptionProvider

use of org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider in project cxf by apache.

the class JoseClientCodeStateManager method fromRedirectState.

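/**
 * Recovers the client state map from the {@code state} parameter of an OAuth redirect.
 *
 * <p>The parameter is optionally exchanged for a session-held token, optionally JWE-decrypted,
 * and then required to carry a valid JWS signature before its JSON payload is parsed.
 * The redirect is untrusted input, so a missing value is rejected explicitly instead of
 * surfacing later as a {@code NullPointerException}.
 *
 * @param mc current message context, used for the session lookup
 * @param redirectState parameters received on the redirect
 * @return the state map carried in the verified payload
 * @throws SecurityException if the state is missing or its signature does not verify
 */
@Override
public MultivaluedMap<String, String> fromRedirectState(MessageContext mc, MultivaluedMap<String, String> redirectState) {
    // getFirst returns null when the redirect carries no state parameter.
    String stateParam = redirectState.getFirst(OAuthConstants.STATE);
    if (stateParam == null) {
        throw new SecurityException("Missing state parameter");
    }
    if (storeInSession) {
        stateParam = OAuthUtils.getSessionToken(mc, stateParam);
        // Fail closed if the session holds nothing for this state value.
        if (stateParam == null) {
            throw new SecurityException("No session state for the state parameter");
        }
    }
    // Encryption is optional: a null provider means the state is a bare JWS.
    JweDecryptionProvider jwe = getInitializedDecryptionProvider();
    if (jwe != null) {
        stateParam = jwe.decrypt(stateParam).getContentText();
    }
    JwsCompactConsumer jws = new JwsCompactConsumer(stateParam);
    JwsSignatureVerifier theSigVerifier = getInitializedSigVerifier();
    // The payload is parsed only after the signature has been verified.
    if (!jws.verifySignatureWith(theSigVerifier)) {
        throw new SecurityException("State signature verification failed");
    }
    String json = jws.getUnsignedEncodedSequence();
    // CHECKSTYLE:OFF
    Map<String, List<String>> map = CastUtils.cast((Map<?, ?>) jsonp.fromJson(json));
    // NOTE(review): this downcast relies on jsonp.fromJson returning a MultivaluedMap
    // implementation — confirm against the jsonp configuration.
    // NOPMD
    return (MultivaluedMap<String, String>) map;
// CHECKSTYLE:ON
}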
Also used : JwsSignatureVerifier(org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier) JwsCompactConsumer(org.apache.cxf.rs.security.jose.jws.JwsCompactConsumer) JweDecryptionProvider(org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider) List(java.util.List) MultivaluedMap(javax.ws.rs.core.MultivaluedMap)

Aggregations

JweDecryptionProvider (org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider)10 JweDecryptionOutput (org.apache.cxf.rs.security.jose.jwe.JweDecryptionOutput)7 Properties (java.util.Properties)4 JwsSignatureVerifier (org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier)4 JwtToken (org.apache.cxf.rs.security.jose.jwt.JwtToken)4 KeyStore (java.security.KeyStore)3 JweJwtCompactConsumer (org.apache.cxf.rs.security.jose.jwe.JweJwtCompactConsumer)3 JwsJwtCompactConsumer (org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer)3 SignatureProperties (org.apache.cxf.sts.SignatureProperties)3 StaticSTSProperties (org.apache.cxf.sts.StaticSTSProperties)3 EncryptionProperties (org.apache.cxf.sts.service.EncryptionProperties)3 JWTTokenProvider (org.apache.cxf.sts.token.provider.jwt.JWTTokenProvider)3 Crypto (org.apache.wss4j.common.crypto.Crypto)3 Merlin (org.apache.wss4j.common.crypto.Merlin)3 List (java.util.List)2 MultivaluedMap (javax.ws.rs.core.MultivaluedMap)2 JweCompactConsumer (org.apache.cxf.rs.security.jose.jwe.JweCompactConsumer)2 JwsCompactConsumer (org.apache.cxf.rs.security.jose.jws.JwsCompactConsumer)2 Map (java.util.Map)1 MetadataMap (org.apache.cxf.jaxrs.impl.MetadataMap)1