Search in sources :

Example 6 with JweEncryptionProvider

use of org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider in project cxf by apache.

the class JweJsonWriterInterceptor method aroundWriteTo.

@Override
public void aroundWriteTo(WriterInterceptorContext ctx) throws IOException, WebApplicationException {
    if (ctx.getEntity() == null) {
        ctx.proceed();
        return;
    }
    OutputStream actualOs = ctx.getOutputStream();
    JweHeaders sharedProtectedHeaders = new JweHeaders();
    List<String> propLocs = getPropertyLocations();
    List<JweHeaders> perRecipientUnprotectedHeaders = new ArrayList<JweHeaders>(propLocs.size());
    for (int i = 0; i < propLocs.size(); i++) {
        perRecipientUnprotectedHeaders.add(new JweHeaders());
    }
    List<JweEncryptionProvider> providers = getInitializedEncryptionProviders(propLocs, sharedProtectedHeaders, perRecipientUnprotectedHeaders);
    String ctString = null;
    MediaType contentMediaType = ctx.getMediaType();
    if (contentTypeRequired && contentMediaType != null) {
        if ("application".equals(contentMediaType.getType())) {
            ctString = contentMediaType.getSubtype();
        } else {
            ctString = JAXRSUtils.mediaTypeToString(contentMediaType);
        }
    }
    if (ctString != null) {
        sharedProtectedHeaders.setContentType(ctString);
    }
    protectHttpHeadersIfNeeded(ctx, sharedProtectedHeaders);
    if (useJweOutputStream) {
    // TODO
    } else {
        CachedOutputStream cos = new CachedOutputStream();
        ctx.setOutputStream(cos);
        ctx.proceed();
        JweJsonProducer producer = new JweJsonProducer(sharedProtectedHeaders, cos.getBytes());
        String jweContent = producer.encryptWith(providers, perRecipientUnprotectedHeaders);
        setJoseMediaType(ctx);
        IOUtils.copy(new ByteArrayInputStream(StringUtils.toBytesUTF8(jweContent)), actualOs);
        actualOs.flush();
    }
}
Also used : JweJsonProducer(org.apache.cxf.rs.security.jose.jwe.JweJsonProducer) JweEncryptionProvider(org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider) OutputStream(java.io.OutputStream) CachedOutputStream(org.apache.cxf.io.CachedOutputStream) ArrayList(java.util.ArrayList) JweHeaders(org.apache.cxf.rs.security.jose.jwe.JweHeaders) CachedOutputStream(org.apache.cxf.io.CachedOutputStream) ByteArrayInputStream(java.io.ByteArrayInputStream) MediaType(javax.ws.rs.core.MediaType)

Example 7 with JweEncryptionProvider

use of org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider in project cxf by apache.

the class JweWriterInterceptor method aroundWriteTo.

@Override
public void aroundWriteTo(WriterInterceptorContext ctx) throws IOException, WebApplicationException {
    if (ctx.getEntity() == null) {
        ctx.proceed();
        return;
    }
    OutputStream actualOs = ctx.getOutputStream();
    JweHeaders jweHeaders = new JweHeaders();
    JweEncryptionProvider theEncryptionProvider = getInitializedEncryptionProvider(jweHeaders);
    String ctString = null;
    MediaType contentMediaType = ctx.getMediaType();
    if (contentTypeRequired && contentMediaType != null) {
        if ("application".equals(contentMediaType.getType())) {
            ctString = contentMediaType.getSubtype();
        } else {
            ctString = JAXRSUtils.mediaTypeToString(contentMediaType);
        }
    }
    if (ctString != null) {
        jweHeaders.setContentType(ctString);
    }
    protectHttpHeadersIfNeeded(ctx, jweHeaders);
    if (useJweOutputStream) {
        JweEncryptionOutput encryption = theEncryptionProvider.getEncryptionOutput(new JweEncryptionInput(jweHeaders));
        JoseUtils.traceHeaders(encryption.getHeaders());
        try {
            JweCompactBuilder.startJweContent(actualOs, encryption.getHeaders(), encryption.getContentEncryptionKey(), encryption.getIv());
        } catch (IOException ex) {
            LOG.warning("JWE encryption error");
            throw new JweException(JweException.Error.CONTENT_ENCRYPTION_FAILURE, ex);
        }
        OutputStream wrappedStream = null;
        JweOutputStream jweOutputStream = new JweOutputStream(actualOs, encryption.getCipher(), encryption.getAuthTagProducer());
        wrappedStream = jweOutputStream;
        if (encryption.isCompressionSupported()) {
            wrappedStream = new DeflaterOutputStream(jweOutputStream);
        }
        ctx.setOutputStream(wrappedStream);
        ctx.proceed();
        setJoseMediaType(ctx);
        jweOutputStream.finalFlush();
    } else {
        CachedOutputStream cos = new CachedOutputStream();
        ctx.setOutputStream(cos);
        ctx.proceed();
        String jweContent = theEncryptionProvider.encrypt(cos.getBytes(), jweHeaders);
        JoseUtils.traceHeaders(jweHeaders);
        setJoseMediaType(ctx);
        IOUtils.copy(new ByteArrayInputStream(StringUtils.toBytesUTF8(jweContent)), actualOs);
        actualOs.flush();
    }
}
Also used : JweOutputStream(org.apache.cxf.rs.security.jose.jwe.JweOutputStream) JweEncryptionProvider(org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider) DeflaterOutputStream(java.util.zip.DeflaterOutputStream) JweOutputStream(org.apache.cxf.rs.security.jose.jwe.JweOutputStream) OutputStream(java.io.OutputStream) CachedOutputStream(org.apache.cxf.io.CachedOutputStream) IOException(java.io.IOException) JweHeaders(org.apache.cxf.rs.security.jose.jwe.JweHeaders) CachedOutputStream(org.apache.cxf.io.CachedOutputStream) JweEncryptionInput(org.apache.cxf.rs.security.jose.jwe.JweEncryptionInput) JweEncryptionOutput(org.apache.cxf.rs.security.jose.jwe.JweEncryptionOutput) JweException(org.apache.cxf.rs.security.jose.jwe.JweException) ByteArrayInputStream(java.io.ByteArrayInputStream) DeflaterOutputStream(java.util.zip.DeflaterOutputStream) MediaType(javax.ws.rs.core.MediaType)

Example 8 with JweEncryptionProvider

use of org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider in project meecrowave by apache.

the class OAuth2Configurer method preCompute.

// TODO: still some missing configuration for jwt etc to add/wire from OAuth2Options
@PostConstruct
private void preCompute() {
    configuration = builder.getExtension(OAuth2Options.class);
    AbstractOAuthDataProvider provider;
    switch(configuration.getProvider().toLowerCase(ENGLISH)) {
        case "jpa":
            {
                if (!configuration.isAuthorizationCodeSupport()) {
                    // else use code impl
                    final JPAOAuthDataProvider jpaProvider = new JPAOAuthDataProvider();
                    jpaProvider.setEntityManagerFactory(JPAAdapter.createEntityManagerFactory(configuration));
                    provider = jpaProvider;
                    break;
                }
            }
        case "jpa-code":
            {
                final JPACodeDataProvider jpaProvider = new JPACodeDataProvider();
                jpaProvider.setEntityManagerFactory(JPAAdapter.createEntityManagerFactory(configuration));
                provider = jpaProvider;
                break;
            }
        case "jcache":
            if (!configuration.isAuthorizationCodeSupport()) {
                // else use code impl
                jCacheConfigurer.doSetup(configuration);
                try {
                    provider = new JCacheOAuthDataProvider(configuration.getJcacheConfigUri(), bus, configuration.isJcacheStoreJwtKeyOnly());
                } catch (final Exception e) {
                    throw new IllegalStateException(e);
                }
                break;
            }
        case "jcache-code":
            jCacheConfigurer.doSetup(configuration);
            try {
                provider = new JCacheCodeDataProvider(configuration, bus);
            } catch (final Exception e) {
                throw new IllegalStateException(e);
            }
            break;
        case // not sure it makes sense since we have jcache but this one is cheap to support
        "ehcache":
            provider = new DefaultEHCacheOAuthDataProvider(configuration.getJcacheConfigUri(), bus);
            break;
        case "encrypted":
            if (!configuration.isAuthorizationCodeSupport()) {
                // else use code impl
                provider = new DefaultEncryptingOAuthDataProvider(new SecretKeySpec(configuration.getEncryptedKey().getBytes(StandardCharsets.UTF_8), configuration.getEncryptedAlgo()));
                break;
            }
        case "encrypted-code":
            provider = new DefaultEncryptingCodeDataProvider(new SecretKeySpec(configuration.getEncryptedKey().getBytes(StandardCharsets.UTF_8), configuration.getEncryptedAlgo()));
            break;
        default:
            throw new IllegalArgumentException("Unsupported oauth2 provider: " + configuration.getProvider());
    }
    final RefreshTokenGrantHandler refreshTokenGrantHandler = new RefreshTokenGrantHandler();
    refreshTokenGrantHandler.setDataProvider(provider);
    refreshTokenGrantHandler.setUseAllClientScopes(configuration.isUseAllClientScopes());
    refreshTokenGrantHandler.setPartialMatchScopeValidation(configuration.isPartialMatchScopeValidation());
    final ResourceOwnerLoginHandler loginHandler = configuration.isJaas() ? new JAASResourceOwnerLoginHandler() : (client, name, password) -> {
        try {
            request.login(name, password);
            try {
                final Principal pcp = request.getUserPrincipal();
                final List<String> roles = GenericPrincipal.class.isInstance(pcp) ? new ArrayList<>(asList(GenericPrincipal.class.cast(pcp).getRoles())) : Collections.<String>emptyList();
                final UserSubject userSubject = new UserSubject(name, roles);
                userSubject.setAuthenticationMethod(PASSWORD);
                return userSubject;
            } finally {
                request.logout();
            }
        } catch (final ServletException e) {
            throw new AuthenticationException(e.getMessage());
        }
    };
    final List<AccessTokenGrantHandler> handlers = new ArrayList<>();
    handlers.add(refreshTokenGrantHandler);
    handlers.add(new ClientCredentialsGrantHandler());
    handlers.add(new ResourceOwnerGrantHandler() {

        {
            setLoginHandler(loginHandler);
        }
    });
    handlers.add(new AuthorizationCodeGrantHandler());
    handlers.add(new JwtBearerGrantHandler());
    provider.setUseJwtFormatForAccessTokens(configuration.isUseJwtFormatForAccessTokens());
    provider.setAccessTokenLifetime(configuration.getAccessTokenLifetime());
    provider.setRefreshTokenLifetime(configuration.getRefreshTokenLifetime());
    provider.setRecycleRefreshTokens(configuration.isRecycleRefreshTokens());
    provider.setSupportPreauthorizedTokens(configuration.isSupportPreauthorizedTokens());
    ofNullable(configuration.getRequiredScopes()).map(s -> asList(s.split(","))).ifPresent(provider::setRequiredScopes);
    ofNullable(configuration.getDefaultScopes()).map(s -> asList(s.split(","))).ifPresent(provider::setDefaultScopes);
    ofNullable(configuration.getInvisibleToClientScopes()).map(s -> asList(s.split(","))).ifPresent(provider::setInvisibleToClientScopes);
    ofNullable(configuration.getJwtAccessTokenClaimMap()).map(s -> new Properties() {

        {
            try {
                load(new StringReader(s));
            } catch (IOException e) {
                throw new IllegalArgumentException("Bad claim map configuration, use properties syntax");
            }
        }
    }).ifPresent(m -> provider.setJwtAccessTokenClaimMap(new HashMap<>(Map.class.cast(m))));
    final OAuthDataProvider dataProvider;
    if (configuration.isRefreshToken()) {
        dataProvider = new RefreshTokenEnabledProvider(provider);
        if (provider.getInvisibleToClientScopes() == null) {
            provider.setInvisibleToClientScopes(new ArrayList<>());
        }
        provider.getInvisibleToClientScopes().add(OAuthConstants.REFRESH_TOKEN_SCOPE);
    } else {
        dataProvider = provider;
    }
    handlers.stream().filter(AbstractGrantHandler.class::isInstance).forEach(h -> {
        final AbstractGrantHandler handler = AbstractGrantHandler.class.cast(h);
        handler.setDataProvider(dataProvider);
        handler.setCanSupportPublicClients(configuration.isCanSupportPublicClients());
        handler.setPartialMatchScopeValidation(configuration.isPartialMatchScopeValidation());
    });
    abstractTokenServiceConsumer = s -> {
        // this is used @RequestScoped so ensure it is not slow for no reason
        s.setCanSupportPublicClients(configuration.isCanSupportPublicClients());
        s.setBlockUnsecureRequests(configuration.isBlockUnsecureRequests());
        s.setWriteCustomErrors(configuration.isWriteCustomErrors());
        s.setWriteOptionalParameters(configuration.isWriteOptionalParameters());
        s.setDataProvider(dataProvider);
    };
    tokenServiceConsumer = s -> {
        // this is used @RequestScoped so ensure it is not slow for no reason
        abstractTokenServiceConsumer.accept(s);
        s.setGrantHandlers(handlers);
    };
    final List<String> noConsentScopes = ofNullable(configuration.getScopesRequiringNoConsent()).map(s -> asList(s.split(","))).orElse(null);
    // we prefix them oauth2.cxf. but otherwise it is the plain cxf config
    final Map<String, String> contextualProperties = ofNullable(builder.getProperties()).map(Properties::stringPropertyNames).orElse(emptySet()).stream().filter(s -> s.startsWith("oauth2.cxf.rs.security.")).collect(toMap(s -> s.substring("oauth2.cxf.".length()), s -> builder.getProperties().getProperty(s)));
    final JoseSessionTokenProvider sessionAuthenticityTokenProvider = new JoseSessionTokenProvider() {

        private int maxDefaultSessionInterval;

        private boolean jweRequired;

        private JweEncryptionProvider jweEncryptor;

        // workaround a NPE of 3.2.0 - https://issues.apache.org/jira/browse/CXF-7504
        @Override
        public String createSessionToken(final MessageContext mc, final MultivaluedMap<String, String> params, final UserSubject subject, final OAuthRedirectionState secData) {
            String stateString = convertStateToString(secData);
            final JwsSignatureProvider jws = getInitializedSigProvider();
            final JweEncryptionProvider jwe = jweEncryptor == null ? JweUtils.loadEncryptionProvider(new JweHeaders(), jweRequired) : jweEncryptor;
            if (jws == null && jwe == null) {
                throw new OAuthServiceException("Session token can not be created");
            }
            if (jws != null) {
                stateString = JwsUtils.sign(jws, stateString, null);
            }
            if (jwe != null) {
                stateString = jwe.encrypt(StringUtils.toBytesUTF8(stateString), null);
            }
            return OAuthUtils.setSessionToken(mc, stateString, maxDefaultSessionInterval);
        }

        public void setJweEncryptor(final JweEncryptionProvider jweEncryptor) {
            super.setJweEncryptor(jweEncryptor);
            this.jweEncryptor = jweEncryptor;
        }

        @Override
        public void setJweRequired(final boolean jweRequired) {
            super.setJweRequired(jweRequired);
            this.jweRequired = jweRequired;
        }

        @Override
        public void setMaxDefaultSessionInterval(final int maxDefaultSessionInterval) {
            super.setMaxDefaultSessionInterval(maxDefaultSessionInterval);
            this.maxDefaultSessionInterval = maxDefaultSessionInterval;
        }
    };
    sessionAuthenticityTokenProvider.setMaxDefaultSessionInterval(configuration.getMaxDefaultSessionInterval());
    // TODO: other configs
    redirectionBasedGrantServiceConsumer = s -> {
        s.setDataProvider(dataProvider);
        s.setBlockUnsecureRequests(configuration.isBlockUnsecureRequests());
        s.setWriteOptionalParameters(configuration.isWriteOptionalParameters());
        s.setUseAllClientScopes(configuration.isUseAllClientScopes());
        s.setPartialMatchScopeValidation(configuration.isPartialMatchScopeValidation());
        s.setUseRegisteredRedirectUriIfPossible(configuration.isUseRegisteredRedirectUriIfPossible());
        s.setMaxDefaultSessionInterval(configuration.getMaxDefaultSessionInterval());
        s.setMatchRedirectUriWithApplicationUri(configuration.isMatchRedirectUriWithApplicationUri());
        s.setScopesRequiringNoConsent(noConsentScopes);
        s.setSessionAuthenticityTokenProvider(sessionAuthenticityTokenProvider);
        // TODO: make it even more contextual, client based?
        final Message currentMessage = PhaseInterceptorChain.getCurrentMessage();
        contextualProperties.forEach(currentMessage::put);
    };
}
Also used : JCacheOAuthDataProvider(org.apache.cxf.rs.security.oauth2.provider.JCacheOAuthDataProvider) ServletException(javax.servlet.ServletException) StringUtils(org.apache.cxf.common.util.StringUtils) SecretKeySpec(javax.crypto.spec.SecretKeySpec) Collectors.toMap(java.util.stream.Collectors.toMap) AbstractTokenService(org.apache.cxf.rs.security.oauth2.services.AbstractTokenService) ClientCredentialsGrantHandler(org.apache.cxf.rs.security.oauth2.grants.clientcred.ClientCredentialsGrantHandler) Arrays.asList(java.util.Arrays.asList) Map(java.util.Map) JCacheCodeDataProvider(org.apache.meecrowave.oauth2.provider.JCacheCodeDataProvider) RefreshTokenEnabledProvider(org.apache.meecrowave.oauth2.data.RefreshTokenEnabledProvider) AuthorizationCodeGrantHandler(org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeGrantHandler) DefaultEncryptingCodeDataProvider(org.apache.cxf.rs.security.oauth2.grants.code.DefaultEncryptingCodeDataProvider) JwtBearerGrantHandler(org.apache.cxf.rs.security.oauth2.grants.jwt.JwtBearerGrantHandler) ResourceOwnerLoginHandler(org.apache.cxf.rs.security.oauth2.grants.owner.ResourceOwnerLoginHandler) ENGLISH(java.util.Locale.ENGLISH) ResourceOwnerGrantHandler(org.apache.cxf.rs.security.oauth2.grants.owner.ResourceOwnerGrantHandler) OAuth2TokenService(org.apache.meecrowave.oauth2.resource.OAuth2TokenService) JPACodeDataProvider(org.apache.cxf.rs.security.oauth2.grants.code.JPACodeDataProvider) JweEncryptionProvider(org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider) StandardCharsets(java.nio.charset.StandardCharsets) JwsSignatureProvider(org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider) JweUtils(org.apache.cxf.rs.security.jose.jwe.JweUtils) OAuthDataProvider(org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider) List(java.util.List) Principal(java.security.Principal) AbstractGrantHandler(org.apache.cxf.rs.security.oauth2.grants.AbstractGrantHandler) PostConstruct(javax.annotation.PostConstruct) ApplicationScoped(javax.enterprise.context.ApplicationScoped) PASSWORD(org.apache.cxf.rs.security.oauth2.common.AuthenticationMethod.PASSWORD) AccessTokenGrantHandler(org.apache.cxf.rs.security.oauth2.provider.AccessTokenGrantHandler) Meecrowave(org.apache.meecrowave.Meecrowave) Bus(org.apache.cxf.Bus) JAASResourceOwnerLoginHandler(org.apache.cxf.rs.security.oauth2.grants.owner.JAASResourceOwnerLoginHandler) OAuthServiceException(org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException) RefreshTokenGrantHandler(org.apache.cxf.rs.security.oauth2.grants.refresh.RefreshTokenGrantHandler) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) Inject(javax.inject.Inject) AbstractOAuthDataProvider(org.apache.cxf.rs.security.oauth2.provider.AbstractOAuthDataProvider) HttpServletRequest(javax.servlet.http.HttpServletRequest) AuthenticationException(org.apache.cxf.interceptor.security.AuthenticationException) MessageContext(org.apache.cxf.jaxrs.ext.MessageContext) DefaultEncryptingOAuthDataProvider(org.apache.cxf.rs.security.oauth2.provider.DefaultEncryptingOAuthDataProvider) RedirectionBasedGrantService(org.apache.cxf.rs.security.oauth2.services.RedirectionBasedGrantService) OAuthUtils(org.apache.cxf.rs.security.oauth2.utils.OAuthUtils) JoseSessionTokenProvider(org.apache.cxf.rs.security.oauth2.provider.JoseSessionTokenProvider) GenericPrincipal(org.apache.catalina.realm.GenericPrincipal) JweHeaders(org.apache.cxf.rs.security.jose.jwe.JweHeaders) Properties(java.util.Properties) JPAOAuthDataProvider(org.apache.cxf.rs.security.oauth2.provider.JPAOAuthDataProvider) Collections.emptySet(java.util.Collections.emptySet) Message(org.apache.cxf.message.Message) Optional.ofNullable(java.util.Optional.ofNullable) IOException(java.io.IOException) MultivaluedMap(javax.ws.rs.core.MultivaluedMap) Consumer(java.util.function.Consumer) DefaultEHCacheOAuthDataProvider(org.apache.cxf.rs.security.oauth2.provider.DefaultEHCacheOAuthDataProvider) StringReader(java.io.StringReader) PhaseInterceptorChain(org.apache.cxf.phase.PhaseInterceptorChain) OAuthConstants(org.apache.cxf.rs.security.oauth2.utils.OAuthConstants) UserSubject(org.apache.cxf.rs.security.oauth2.common.UserSubject) JwsUtils(org.apache.cxf.rs.security.jose.jws.JwsUtils) Collections(java.util.Collections) OAuthRedirectionState(org.apache.cxf.rs.security.oauth2.common.OAuthRedirectionState) AbstractGrantHandler(org.apache.cxf.rs.security.oauth2.grants.AbstractGrantHandler) JPAOAuthDataProvider(org.apache.cxf.rs.security.oauth2.provider.JPAOAuthDataProvider) AuthenticationException(org.apache.cxf.interceptor.security.AuthenticationException) HashMap(java.util.HashMap) JweEncryptionProvider(org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider) OAuthServiceException(org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException) ArrayList(java.util.ArrayList) JPACodeDataProvider(org.apache.cxf.rs.security.oauth2.grants.code.JPACodeDataProvider) ResourceOwnerLoginHandler(org.apache.cxf.rs.security.oauth2.grants.owner.ResourceOwnerLoginHandler) JAASResourceOwnerLoginHandler(org.apache.cxf.rs.security.oauth2.grants.owner.JAASResourceOwnerLoginHandler) JoseSessionTokenProvider(org.apache.cxf.rs.security.oauth2.provider.JoseSessionTokenProvider) ServletException(javax.servlet.ServletException) SecretKeySpec(javax.crypto.spec.SecretKeySpec) DefaultEHCacheOAuthDataProvider(org.apache.cxf.rs.security.oauth2.provider.DefaultEHCacheOAuthDataProvider) JCacheCodeDataProvider(org.apache.meecrowave.oauth2.provider.JCacheCodeDataProvider) JwsSignatureProvider(org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider) OAuthRedirectionState(org.apache.cxf.rs.security.oauth2.common.OAuthRedirectionState) DefaultEncryptingOAuthDataProvider(org.apache.cxf.rs.security.oauth2.provider.DefaultEncryptingOAuthDataProvider) RefreshTokenGrantHandler(org.apache.cxf.rs.security.oauth2.grants.refresh.RefreshTokenGrantHandler) RefreshTokenEnabledProvider(org.apache.meecrowave.oauth2.data.RefreshTokenEnabledProvider) JCacheOAuthDataProvider(org.apache.cxf.rs.security.oauth2.provider.JCacheOAuthDataProvider) Collectors.toMap(java.util.stream.Collectors.toMap) Map(java.util.Map) HashMap(java.util.HashMap) MultivaluedMap(javax.ws.rs.core.MultivaluedMap) DefaultEncryptingCodeDataProvider(org.apache.cxf.rs.security.oauth2.grants.code.DefaultEncryptingCodeDataProvider) Message(org.apache.cxf.message.Message) AccessTokenGrantHandler(org.apache.cxf.rs.security.oauth2.provider.AccessTokenGrantHandler) Properties(java.util.Properties) JweHeaders(org.apache.cxf.rs.security.jose.jwe.JweHeaders) UserSubject(org.apache.cxf.rs.security.oauth2.common.UserSubject) ResourceOwnerGrantHandler(org.apache.cxf.rs.security.oauth2.grants.owner.ResourceOwnerGrantHandler) StringReader(java.io.StringReader) MessageContext(org.apache.cxf.jaxrs.ext.MessageContext) AbstractOAuthDataProvider(org.apache.cxf.rs.security.oauth2.provider.AbstractOAuthDataProvider) JwtBearerGrantHandler(org.apache.cxf.rs.security.oauth2.grants.jwt.JwtBearerGrantHandler) AuthorizationCodeGrantHandler(org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeGrantHandler) IOException(java.io.IOException) ServletException(javax.servlet.ServletException) OAuthServiceException(org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException) AuthenticationException(org.apache.cxf.interceptor.security.AuthenticationException) IOException(java.io.IOException) ClientCredentialsGrantHandler(org.apache.cxf.rs.security.oauth2.grants.clientcred.ClientCredentialsGrantHandler) JCacheOAuthDataProvider(org.apache.cxf.rs.security.oauth2.provider.JCacheOAuthDataProvider) OAuthDataProvider(org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider) AbstractOAuthDataProvider(org.apache.cxf.rs.security.oauth2.provider.AbstractOAuthDataProvider) DefaultEncryptingOAuthDataProvider(org.apache.cxf.rs.security.oauth2.provider.DefaultEncryptingOAuthDataProvider) JPAOAuthDataProvider(org.apache.cxf.rs.security.oauth2.provider.JPAOAuthDataProvider) DefaultEHCacheOAuthDataProvider(org.apache.cxf.rs.security.oauth2.provider.DefaultEHCacheOAuthDataProvider) GenericPrincipal(org.apache.catalina.realm.GenericPrincipal) MultivaluedMap(javax.ws.rs.core.MultivaluedMap) JAASResourceOwnerLoginHandler(org.apache.cxf.rs.security.oauth2.grants.owner.JAASResourceOwnerLoginHandler) Principal(java.security.Principal) GenericPrincipal(org.apache.catalina.realm.GenericPrincipal) PostConstruct(javax.annotation.PostConstruct)

Example 9 with JweEncryptionProvider

use of org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider in project cxf by apache.

the class JoseSessionTokenProvider method protectStateString.

private String protectStateString(String stateString) {
    JwsSignatureProvider jws = getInitializedSigProvider();
    JweEncryptionProvider jwe = getInitializedEncryptionProvider();
    if (jws == null && jwe == null) {
        throw new OAuthServiceException("Session token can not be created");
    }
    if (jws != null) {
        stateString = JwsUtils.sign(jws, stateString, null);
    }
    if (jwe != null) {
        stateString = jwe.encrypt(StringUtils.toBytesUTF8(stateString), null);
    }
    return stateString;
}
Also used : JweEncryptionProvider(org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider) JwsSignatureProvider(org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider)

Aggregations

JweEncryptionProvider (org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider)9 JweHeaders (org.apache.cxf.rs.security.jose.jwe.JweHeaders)5 JwsSignatureProvider (org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider)4 ArrayList (java.util.ArrayList)3 Properties (java.util.Properties)3 ByteArrayInputStream (java.io.ByteArrayInputStream)2 IOException (java.io.IOException)2 OutputStream (java.io.OutputStream)2 MediaType (javax.ws.rs.core.MediaType)2 CachedOutputStream (org.apache.cxf.io.CachedOutputStream)2 Message (org.apache.cxf.message.Message)2 JwsCompactProducer (org.apache.cxf.rs.security.jose.jws.JwsCompactProducer)2 StringReader (java.io.StringReader)1 StandardCharsets (java.nio.charset.StandardCharsets)1 KeyStore (java.security.KeyStore)1 Principal (java.security.Principal)1 X509Certificate (java.security.cert.X509Certificate)1 Arrays.asList (java.util.Arrays.asList)1 Collections (java.util.Collections)1 Collections.emptySet (java.util.Collections.emptySet)1