Example 1 with JweEncryptionProvider

Use of org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider in project cxf by apache.

In the class JoseClientCodeStateManager, method toRedirectState (the OAuth2 state parameter is signed and, when an encryption provider is configured, encrypted before being placed in the redirect):

@Override
public MultivaluedMap<String, String> toRedirectState(MessageContext mc, MultivaluedMap<String, String> requestState) {
    JweEncryptionProvider theEncryptionProvider = getInitializedEncryptionProvider();
    JwsSignatureProvider theSigProvider = getInitializedSigProvider(theEncryptionProvider);
    if (theEncryptionProvider == null && theSigProvider == null) {
        throw new OAuthServiceException("The state can not be protected");
    }
    MultivaluedMap<String, String> redirectMap = new MetadataMap<String, String>();
    if (generateNonce && theSigProvider != null) {
        JwsCompactProducer nonceProducer = new JwsCompactProducer(OAuthUtils.generateRandomTokenKey());
        String nonceParam = nonceProducer.signWith(theSigProvider);
        requestState.putSingle(OAuthConstants.NONCE, nonceParam);
        redirectMap.putSingle(OAuthConstants.NONCE, nonceParam);
    }
    Map<String, Object> stateMap = CastUtils.cast((Map<?, ?>) requestState);
    String json = jsonp.toJson(stateMap);
    String stateParam = null;
    if (theSigProvider != null) {
        JwsCompactProducer stateProducer = new JwsCompactProducer(json);
        stateParam = stateProducer.signWith(theSigProvider);
    }
    if (theEncryptionProvider != null) {
        stateParam = theEncryptionProvider.encrypt(StringUtils.toBytesUTF8(stateParam), null);
    }
    if (storeInSession) {
        String sessionStateAttribute = OAuthUtils.generateRandomTokenKey();
        OAuthUtils.setSessionToken(mc, stateParam, sessionStateAttribute, 0);
        stateParam = sessionStateAttribute;
    }
    redirectMap.putSingle(OAuthConstants.STATE, stateParam);
    return redirectMap;
}
Also used : MetadataMap(org.apache.cxf.jaxrs.impl.MetadataMap) JweEncryptionProvider(org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider) OAuthServiceException(org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException) JwsCompactProducer(org.apache.cxf.rs.security.jose.jws.JwsCompactProducer) JwsSignatureProvider(org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider) NoneJwsSignatureProvider(org.apache.cxf.rs.security.jose.jws.NoneJwsSignatureProvider)

Example 2 with JweEncryptionProvider

Use of org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider in project cxf by apache.

In the class OAuthServerJoseJwtProducer, method getInitializedEncryptionProvider (the client's registered certificate is preferred; the client secret is the fallback):

protected JweEncryptionProvider getInitializedEncryptionProvider(Client c) {
    JweEncryptionProvider theEncryptionProvider = null;
    if (encryptWithClientCertificates && c != null && !c.getApplicationCertificates().isEmpty()) {
        X509Certificate cert = (X509Certificate) CryptoUtils.decodeCertificate(c.getApplicationCertificates().get(0));
        theEncryptionProvider = JweUtils.createJweEncryptionProvider(cert.getPublicKey(), KeyAlgorithm.RSA_OAEP, ContentAlgorithm.A128GCM, null);
    }
    if (theEncryptionProvider == null && c != null && c.getClientSecret() != null) {
        theEncryptionProvider = super.getInitializedEncryptionProvider(c.getClientSecret());
    }
    return theEncryptionProvider;
}
Also used : JweEncryptionProvider(org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider) X509Certificate(java.security.cert.X509Certificate)

Example 3 with JweEncryptionProvider

Use of org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider in project cxf by apache.

In the class JoseProducer, method processData (sign first, then encrypt the compact JWS):

public String processData(String data) {
    super.checkProcessRequirements();
    JweEncryptionProvider theEncProvider = null;
    JweHeaders jweHeaders = new JweHeaders();
    if (isJweRequired()) {
        theEncProvider = getInitializedEncryptionProvider(jweHeaders);
        if (theEncProvider == null) {
            throw new JoseException("Unable to encrypt the data");
        }
    }
    if (isJwsRequired()) {
        JwsHeaders jwsHeaders = new JwsHeaders();
        JwsCompactProducer jws = new JwsCompactProducer(jwsHeaders, data);
        JwsSignatureProvider theSigProvider = getInitializedSignatureProvider(jwsHeaders);
        if (theSigProvider == null) {
            throw new JoseException("Unable to sign the data");
        }
        data = jws.signWith(theSigProvider);
    }
    if (theEncProvider != null) {
        data = theEncProvider.encrypt(StringUtils.toBytesUTF8(data), jweHeaders);
    }
    return data;
}
Also used : JwsHeaders(org.apache.cxf.rs.security.jose.jws.JwsHeaders) JweEncryptionProvider(org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider) JwsCompactProducer(org.apache.cxf.rs.security.jose.jws.JwsCompactProducer) JweHeaders(org.apache.cxf.rs.security.jose.jwe.JweHeaders) JwsSignatureProvider(org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider)

Example 4 with JweEncryptionProvider

Use of org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider in project cxf by apache.

In the class JWTTokenProvider, method encryptToken (unrecognised content or key-wrap algorithm names fall back to A128GCM and RSA-OAEP respectively):

private String encryptToken(String token, JweHeaders jweHeaders, STSPropertiesMBean stsProperties, EncryptionProperties encryptionProperties, KeyRequirements keyRequirements) throws Exception {
    Properties encProperties = new Properties();
    String name = encryptionProperties.getEncryptionName();
    if (name == null) {
        name = stsProperties.getEncryptionUsername();
    }
    if (name == null) {
        LOG.fine("No encryption alias is configured");
        return token;
    }
    encProperties.put(JoseConstants.RSSEC_KEY_STORE_ALIAS, name);
    // Get the encryption algorithm to use - for now we don't allow the client to ask
    // for a particular encryption algorithm, as with SAML
    String encryptionAlgorithm = encryptionProperties.getEncryptionAlgorithm();
    try {
        ContentAlgorithm.getAlgorithm(encryptionAlgorithm);
    } catch (IllegalArgumentException ex) {
        encryptionAlgorithm = ContentAlgorithm.A128GCM.name();
    }
    encProperties.put(JoseConstants.RSSEC_ENCRYPTION_CONTENT_ALGORITHM, encryptionAlgorithm);
    // Get the key-wrap algorithm to use - for now we don't allow the client to ask
    // for a particular encryption algorithm, as with SAML
    String keyWrapAlgorithm = encryptionProperties.getKeyWrapAlgorithm();
    try {
        KeyAlgorithm.getAlgorithm(keyWrapAlgorithm);
    } catch (IllegalArgumentException ex) {
        keyWrapAlgorithm = KeyAlgorithm.RSA_OAEP.name();
    }
    encProperties.put(JoseConstants.RSSEC_ENCRYPTION_KEY_ALGORITHM, keyWrapAlgorithm);
    // Initialise encryption objects with defaults of STSPropertiesMBean
    Crypto encryptionCrypto = stsProperties.getEncryptionCrypto();
    if (!(encryptionCrypto instanceof Merlin)) {
        throw new STSException("Can't get the keystore", STSException.REQUEST_FAILED);
    }
    KeyStore keystore = ((Merlin) encryptionCrypto).getKeyStore();
    encProperties.put(JoseConstants.RSSEC_KEY_STORE, keystore);
    JweEncryptionProvider encProvider = JweUtils.loadEncryptionProvider(encProperties, jweHeaders);
    return encProvider.encrypt(StringUtils.toBytesUTF8(token), null);
}
Also used : Crypto(org.apache.wss4j.common.crypto.Crypto) JweEncryptionProvider(org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider) STSException(org.apache.cxf.ws.security.sts.provider.STSException) EncryptionProperties(org.apache.cxf.sts.service.EncryptionProperties) SignatureProperties(org.apache.cxf.sts.SignatureProperties) Properties(java.util.Properties) RealmProperties(org.apache.cxf.sts.token.realm.RealmProperties) KeyStore(java.security.KeyStore) Merlin(org.apache.wss4j.common.crypto.Merlin)

Example 5 with JweEncryptionProvider

Use of org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider in project cxf by apache.

In the class AbstractJweJsonWriterProvider, method getInitializedEncryptionProviders (one content encryption provider shared across all recipient key encryption providers):

protected List<JweEncryptionProvider> getInitializedEncryptionProviders(List<String> propLocs, JweHeaders sharedProtectedHeaders, List<JweHeaders> perRecipientUnprotectedHeaders) {
    if (encProviders != null) {
        return encProviders;
    }
    // The task is to have a single ContentEncryptionProvider instance,
    // configured to generate CEK only once, paired with all the loaded
    // KeyEncryptionProviders to have JweEncryptionProviders initialized
    Message m = JAXRSUtils.getCurrentMessage();
    // Load all the properties
    List<Properties> propsList = new ArrayList<Properties>(propLocs.size());
    for (int i = 0; i < propLocs.size(); i++) {
        propsList.add(JweUtils.loadJweProperties(m, propLocs.get(i)));
    }
    ContentAlgorithm ctAlgo = null;
    // This set is to find out how many key encryption algorithms are used
    // If only one then save it in the shared protected headers as opposed to
    // per-recipient specific not protected ones
    Set<KeyAlgorithm> keyAlgos = new HashSet<KeyAlgorithm>();
    List<KeyEncryptionProvider> keyProviders = new LinkedList<KeyEncryptionProvider>();
    for (int i = 0; i < propLocs.size(); i++) {
        Properties props = propsList.get(i);
        ContentAlgorithm currentCtAlgo = JweUtils.getContentEncryptionAlgorithm(m, props, ContentAlgorithm.A128GCM);
        if (ctAlgo == null) {
            ctAlgo = currentCtAlgo;
        } else if (currentCtAlgo != null && !ctAlgo.equals(currentCtAlgo)) {
            // ctAlgo must be the same for all the recipients
            throw new JweException(JweException.Error.INVALID_CONTENT_ALGORITHM);
        }
        JweHeaders perRecipientUnprotectedHeader = perRecipientUnprotectedHeaders.get(i);
        KeyEncryptionProvider keyEncryptionProvider = JweUtils.loadKeyEncryptionProvider(props, m, perRecipientUnprotectedHeader);
        if (keyEncryptionProvider.getAlgorithm() == KeyAlgorithm.DIRECT && propLocs.size() > 1) {
            throw new JweException(JweException.Error.INVALID_JSON_JWE);
        }
        keyProviders.add(keyEncryptionProvider);
        keyAlgos.add(perRecipientUnprotectedHeader.getKeyEncryptionAlgorithm());
    }
    if (ctAlgo == null) {
        throw new JweException(JweException.Error.INVALID_CONTENT_ALGORITHM);
    }
    sharedProtectedHeaders.setContentEncryptionAlgorithm(ctAlgo);
    List<JweEncryptionProvider> theEncProviders = new LinkedList<JweEncryptionProvider>();
    if (keyProviders.size() == 1 && keyProviders.get(0).getAlgorithm() == KeyAlgorithm.DIRECT) {
        JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, propsList.get(0), KeyOperation.ENCRYPT);
        if (jwk != null) {
            ContentEncryptionProvider ctProvider = JweUtils.getContentEncryptionProvider(jwk, ctAlgo);
            JweEncryptionProvider encProvider = new JweEncryption(keyProviders.get(0), ctProvider);
            theEncProviders.add(encProvider);
        }
    } else {
        ContentEncryptionProvider ctProvider = JweUtils.getContentEncryptionProvider(ctAlgo, true);
        for (int i = 0; i < keyProviders.size(); i++) {
            // One JweEncryptionProvider per recipient: each recipient gets its own
            // key encryption provider (index i, not 0) wrapping the shared CEK provider
            JweEncryptionProvider encProvider = new JweEncryption(keyProviders.get(i), ctProvider);
            theEncProviders.add(encProvider);
        }
    }
    if (keyAlgos.size() == 1) {
        sharedProtectedHeaders.setKeyEncryptionAlgorithm(keyAlgos.iterator().next());
        for (int i = 0; i < perRecipientUnprotectedHeaders.size(); i++) {
            perRecipientUnprotectedHeaders.get(i).removeProperty(JoseConstants.JWE_HEADER_KEY_ENC_ALGORITHM);
        }
    }
    return theEncProviders;
}
Also used : ContentEncryptionProvider(org.apache.cxf.rs.security.jose.jwe.ContentEncryptionProvider) KeyEncryptionProvider(org.apache.cxf.rs.security.jose.jwe.KeyEncryptionProvider) Message(org.apache.cxf.message.Message) JweEncryptionProvider(org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider) ArrayList(java.util.ArrayList) JsonWebKey(org.apache.cxf.rs.security.jose.jwk.JsonWebKey) Properties(java.util.Properties) JweEncryption(org.apache.cxf.rs.security.jose.jwe.JweEncryption) LinkedList(java.util.LinkedList) KeyAlgorithm(org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm) JweHeaders(org.apache.cxf.rs.security.jose.jwe.JweHeaders) JweException(org.apache.cxf.rs.security.jose.jwe.JweException) ContentAlgorithm(org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm) HashSet(java.util.HashSet)

Aggregations

JweEncryptionProvider (org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider)8 JweHeaders (org.apache.cxf.rs.security.jose.jwe.JweHeaders)4 JwsSignatureProvider (org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider)3 ByteArrayInputStream (java.io.ByteArrayInputStream)2 OutputStream (java.io.OutputStream)2 ArrayList (java.util.ArrayList)2 Properties (java.util.Properties)2 MediaType (javax.ws.rs.core.MediaType)2 CachedOutputStream (org.apache.cxf.io.CachedOutputStream)2 JweException (org.apache.cxf.rs.security.jose.jwe.JweException)2 JwsCompactProducer (org.apache.cxf.rs.security.jose.jws.JwsCompactProducer)2 IOException (java.io.IOException)1 KeyStore (java.security.KeyStore)1 X509Certificate (java.security.cert.X509Certificate)1 HashSet (java.util.HashSet)1 LinkedList (java.util.LinkedList)1 DeflaterOutputStream (java.util.zip.DeflaterOutputStream)1 MetadataMap (org.apache.cxf.jaxrs.impl.MetadataMap)1 Message (org.apache.cxf.message.Message)1 ContentAlgorithm (org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm)1