use of org.apache.cxf.rs.security.jose.jwe.JweEncryption in project cxf by apache.
the class AbstractJweJsonWriterProvider method getInitializedEncryptionProviders.
protected List<JweEncryptionProvider> getInitializedEncryptionProviders(List<String> propLocs, JweHeaders sharedProtectedHeaders, List<JweHeaders> perRecipientUnprotectedHeaders) {
if (encProviders != null) {
return encProviders;
}
// The task is to have a single ContentEncryptionProvider instance,
// configured to generate CEK only once, paired with all the loaded
// KeyEncryptionProviders to have JweEncryptionProviders initialized
Message m = JAXRSUtils.getCurrentMessage();
// Load all the properties
List<Properties> propsList = new ArrayList<>(propLocs.size());
for (int i = 0; i < propLocs.size(); i++) {
propsList.add(JweUtils.loadJweProperties(m, propLocs.get(i)));
}
ContentAlgorithm ctAlgo = null;
// This set is to find out how many key encryption algorithms are used
// If only one then save it in the shared protected headers as opposed to
// per-recipient specific not protected ones
Set<KeyAlgorithm> keyAlgos = new HashSet<>();
List<KeyEncryptionProvider> keyProviders = new LinkedList<>();
for (int i = 0; i < propLocs.size(); i++) {
Properties props = propsList.get(i);
ContentAlgorithm currentCtAlgo = JweUtils.getContentEncryptionAlgorithm(m, props, ContentAlgorithm.A128GCM);
if (ctAlgo == null) {
ctAlgo = currentCtAlgo;
} else if (currentCtAlgo != null && !ctAlgo.equals(currentCtAlgo)) {
// ctAlgo must be the same for all the recipients
throw new JweException(JweException.Error.INVALID_CONTENT_ALGORITHM);
}
JweHeaders perRecipientUnprotectedHeader = perRecipientUnprotectedHeaders.get(i);
KeyEncryptionProvider keyEncryptionProvider = JweUtils.loadKeyEncryptionProvider(props, m, perRecipientUnprotectedHeader);
if (keyEncryptionProvider.getAlgorithm() == KeyAlgorithm.DIRECT && propLocs.size() > 1) {
throw new JweException(JweException.Error.INVALID_JSON_JWE);
}
keyProviders.add(keyEncryptionProvider);
keyAlgos.add(perRecipientUnprotectedHeader.getKeyEncryptionAlgorithm());
}
if (ctAlgo == null) {
throw new JweException(JweException.Error.INVALID_CONTENT_ALGORITHM);
}
sharedProtectedHeaders.setContentEncryptionAlgorithm(ctAlgo);
List<JweEncryptionProvider> theEncProviders = new LinkedList<>();
if (keyProviders.size() == 1 && keyProviders.get(0).getAlgorithm() == KeyAlgorithm.DIRECT) {
JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, propsList.get(0), KeyOperation.ENCRYPT);
if (jwk != null) {
ContentEncryptionProvider ctProvider = JweUtils.getContentEncryptionProvider(jwk, ctAlgo);
JweEncryptionProvider encProvider = new JweEncryption(keyProviders.get(0), ctProvider);
theEncProviders.add(encProvider);
}
} else {
ContentEncryptionProvider ctProvider = JweUtils.getContentEncryptionProvider(ctAlgo, true);
for (int i = 0; i < keyProviders.size(); i++) {
JweEncryptionProvider encProvider = new JweEncryption(keyProviders.get(i), ctProvider);
theEncProviders.add(encProvider);
}
}
if (keyAlgos.size() == 1) {
sharedProtectedHeaders.setKeyEncryptionAlgorithm(keyAlgos.iterator().next());
for (int i = 0; i < perRecipientUnprotectedHeaders.size(); i++) {
perRecipientUnprotectedHeaders.get(i).removeProperty(JoseConstants.JWE_HEADER_KEY_ENC_ALGORITHM);
}
}
return theEncProviders;
}
Aggregations