Use of org.apache.cxf.rs.security.jose.jwe.JweException in project cxf by apache:
class AbstractJweJsonWriterProvider, method getInitializedEncryptionProviders.
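/**
 * Lazily builds one {@link JweEncryptionProvider} per recipient of a JWE JSON serialization.
 * <p>
 * A single {@link ContentEncryptionProvider} is shared so the content encryption key (CEK)
 * is generated only once; it is then paired with every recipient's own
 * {@link KeyEncryptionProvider}. {@code propLocs} and {@code perRecipientUnprotectedHeaders}
 * are parallel lists: entry {@code i} of each describes recipient {@code i}.
 *
 * @param propLocs locations of the JWE property files, one per recipient
 * @param sharedProtectedHeaders protected headers shared by all recipients; the content
 *        encryption algorithm and, when every recipient uses the same one, the key
 *        encryption algorithm are recorded here
 * @param perRecipientUnprotectedHeaders unprotected headers, one per recipient; the key
 *        encryption algorithm is removed from them when it has been promoted to the
 *        shared protected headers
 * @return the initialized providers, or the already configured {@code encProviders}
 * @throws JweException {@code INVALID_CONTENT_ALGORITHM} when recipients disagree on the
 *         content algorithm or none is configured; {@code INVALID_JSON_JWE} when direct
 *         encryption is combined with more than one recipient
 */
protected List<JweEncryptionProvider> getInitializedEncryptionProviders(List<String> propLocs, JweHeaders sharedProtectedHeaders, List<JweHeaders> perRecipientUnprotectedHeaders) {
    if (encProviders != null) {
        return encProviders;
    }
    Message m = JAXRSUtils.getCurrentMessage();
    int recipients = propLocs.size();
    List<Properties> propsList = new ArrayList<>(recipients);
    for (String propLoc : propLocs) {
        propsList.add(JweUtils.loadJweProperties(m, propLoc));
    }
    ContentAlgorithm ctAlgo = null;
    // Distinct key encryption algorithms in use: with exactly one, it is promoted
    // to the shared protected headers instead of the per-recipient unprotected ones.
    Set<KeyAlgorithm> keyAlgos = new HashSet<>();
    // ArrayList because the providers are indexed below (LinkedList.get(i) is O(n)).
    List<KeyEncryptionProvider> keyProviders = new ArrayList<>(recipients);
    for (int i = 0; i < recipients; i++) {
        Properties props = propsList.get(i);
        ContentAlgorithm currentCtAlgo = JweUtils.getContentEncryptionAlgorithm(m, props, ContentAlgorithm.A128GCM);
        if (ctAlgo == null) {
            ctAlgo = currentCtAlgo;
        } else if (currentCtAlgo != null && !ctAlgo.equals(currentCtAlgo)) {
            // One shared CEK implies one content algorithm for all recipients.
            throw new JweException(JweException.Error.INVALID_CONTENT_ALGORITHM);
        }
        JweHeaders perRecipientUnprotectedHeader = perRecipientUnprotectedHeaders.get(i);
        KeyEncryptionProvider keyEncryptionProvider = JweUtils.loadKeyEncryptionProvider(props, m, perRecipientUnprotectedHeader);
        // Direct encryption uses the shared key as the CEK itself, so it cannot serve several recipients.
        if (keyEncryptionProvider.getAlgorithm() == KeyAlgorithm.DIRECT && recipients > 1) {
            throw new JweException(JweException.Error.INVALID_JSON_JWE);
        }
        keyProviders.add(keyEncryptionProvider);
        keyAlgos.add(perRecipientUnprotectedHeader.getKeyEncryptionAlgorithm());
    }
    if (ctAlgo == null) {
        throw new JweException(JweException.Error.INVALID_CONTENT_ALGORITHM);
    }
    sharedProtectedHeaders.setContentEncryptionAlgorithm(ctAlgo);
    List<JweEncryptionProvider> theEncProviders = new ArrayList<>(recipients);
    if (keyProviders.size() == 1 && keyProviders.get(0).getAlgorithm() == KeyAlgorithm.DIRECT) {
        JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, propsList.get(0), KeyOperation.ENCRYPT);
        if (jwk != null) {
            ContentEncryptionProvider ctProvider = JweUtils.getContentEncryptionProvider(jwk, ctAlgo);
            theEncProviders.add(new JweEncryption(keyProviders.get(0), ctProvider));
        }
    } else {
        // One content provider generating the CEK once; each recipient wraps it with
        // its OWN key provider. (Previously keyProviders.get(0) was used for every
        // recipient, so only the first recipient could ever unwrap the CEK.)
        ContentEncryptionProvider ctProvider = JweUtils.getContentEncryptionProvider(ctAlgo, true);
        for (KeyEncryptionProvider keyProvider : keyProviders) {
            theEncProviders.add(new JweEncryption(keyProvider, ctProvider));
        }
    }
    if (keyAlgos.size() == 1) {
        sharedProtectedHeaders.setKeyEncryptionAlgorithm(keyAlgos.iterator().next());
        for (JweHeaders unprotectedHeader : perRecipientUnprotectedHeaders) {
            unprotectedHeader.removeProperty(JoseConstants.JWE_HEADER_KEY_ENC_ALGORITHM);
        }
    }
    return theEncProviders;
}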
Use of org.apache.cxf.rs.security.jose.jwe.JweException in project cxf by apache:
class AbstractJweJsonDecryptingFilter, method decrypt.
/**
 * Reads a JWE JSON serialization from {@code is} and decrypts the recipient entry
 * selected by {@code recipientProperties}.
 * <p>
 * The consumer and the selected entry are stored on the current message so that later
 * stages can inspect them.
 *
 * @param is the request entity stream, read completely as UTF-8
 * @return the decryption output (plaintext and headers)
 * @throws IOException if the stream cannot be read
 * @throws JweException {@code INVALID_JSON_JWE} when no recipient entry matches
 */
protected JweDecryptionOutput decrypt(InputStream is) throws IOException {
    String jweJson = new String(IOUtils.readBytesFromStream(is), StandardCharsets.UTF_8);
    JweJsonConsumer consumer = new JweJsonConsumer(jweJson);
    JweDecryptionProvider provider = getInitializedDecryptionProvider(consumer.getProtectedHeader());
    JweJsonEncryptionEntry recipientEntry = consumer.getJweDecryptionEntry(provider, recipientProperties);
    if (recipientEntry == null) {
        // Nothing addressed to this recipient: reject rather than try other entries.
        throw new JweException(JweException.Error.INVALID_JSON_JWE);
    }
    JweDecryptionOutput output = consumer.decryptWith(provider, recipientEntry);
    JAXRSUtils.getCurrentMessage().put(JweJsonConsumer.class, consumer);
    JAXRSUtils.getCurrentMessage().put(JweJsonEncryptionEntry.class, recipientEntry);
    return output;
}
Use of org.apache.cxf.rs.security.jose.jwe.JweException in project cxf by apache:
class AbstractJweJsonWriterProvider, method getPropertyLocations.
/**
 * Resolves the JWE property-file locations from the contextual properties
 * {@code RSSEC_ENCRYPTION_OUT_PROPS} / {@code RSSEC_ENCRYPTION_PROPS}.
 * <p>
 * The property may be a comma-separated {@code String} (split as-is, entries are not
 * trimmed) or a {@code List}. When nothing is configured an empty list is returned only
 * if providers were supplied up front via {@code encProviders}.
 *
 * @return the configured locations; empty when providers are pre-configured
 * @throws JweException {@code NO_INIT_PROPERTIES} when neither locations nor providers exist
 */
protected List<String> getPropertyLocations() {
    Message m = JAXRSUtils.getCurrentMessage();
    Object configured = MessageUtils.getContextualProperty(m, JoseConstants.RSSEC_ENCRYPTION_OUT_PROPS, JoseConstants.RSSEC_ENCRYPTION_PROPS);
    if (configured == null) {
        if (encProviders != null) {
            return Collections.emptyList();
        }
        LOG.warning("JWE JSON init properties resource is not identified");
        throw new JweException(JweException.Error.NO_INIT_PROPERTIES);
    }
    if (configured instanceof String) {
        return Arrays.asList(((String) configured).split(","));
    }
    return CastUtils.cast((List<?>) configured);
}
Use of org.apache.cxf.rs.security.jose.jwe.JweException in project cxf by apache:
class JweJsonContainerRequestFilter, method filter.
/**
 * Decrypts the JWE JSON request entity in place and rewrites the entity headers.
 * <p>
 * Requests whose method carries no content (or, when configured, with an empty stream)
 * pass through untouched. Any {@link JweException} aborts the request with a bare 400
 * response, so no detail about the failure reaches the client.
 *
 * @param context the container request context
 * @throws IOException if the entity stream cannot be read
 */
@Override
public void filter(ContainerRequestContext context) throws IOException {
    boolean nothingToDecrypt = isMethodWithNoContent(context.getMethod())
        || (isCheckEmptyStream() && !context.hasEntity());
    if (nothingToDecrypt) {
        return;
    }
    try {
        JweDecryptionOutput decrypted = decrypt(context.getEntityStream());
        byte[] plaintext = decrypted.getContent();
        context.setEntityStream(new ByteArrayInputStream(plaintext));
        // Entity size changed: the original Content-Length described the ciphertext.
        context.getHeaders().putSingle("Content-Length", Integer.toString(plaintext.length));
        String contentType = JoseUtils.checkContentType(decrypted.getHeaders().getContentType(), getDefaultMediaType());
        if (contentType != null) {
            context.getHeaders().putSingle("Content-Type", contentType);
        }
        if (super.isValidateHttpHeaders()) {
            super.validateHttpHeadersIfNeeded(context.getHeaders(), decrypted.getHeaders());
        }
    } catch (JweException ex) {
        context.abortWith(JAXRSUtils.toResponse(400));
    }
}
Use of org.apache.cxf.rs.security.jose.jwe.JweException in project cxf by apache:
class JweWriterInterceptor, method aroundWriteTo.
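/**
 * Encrypts the entity produced by the rest of the writer chain into a compact JWE.
 * <p>
 * With {@code useJweOutputStream} the entity is streamed: the JWE prefix (headers,
 * encrypted key, IV) is written first, the entity is ciphered as it is produced
 * (deflated first when the provider supports compression) and
 * {@code jweOutputStream.finalFlush()} completes the stream. Otherwise the whole entity
 * is buffered in a {@link CachedOutputStream} and encrypted in one call.
 *
 * @param ctx the writer interceptor context
 * @throws IOException from the underlying streams
 * @throws JweException {@code CONTENT_ENCRYPTION_FAILURE} if writing the JWE prefix fails
 */
@Override
public void aroundWriteTo(WriterInterceptorContext ctx) throws IOException, WebApplicationException {
    if (ctx.getEntity() == null) {
        ctx.proceed();
        return;
    }
    OutputStream actualOs = ctx.getOutputStream();
    JweHeaders jweHeaders = new JweHeaders();
    JweEncryptionProvider theEncryptionProvider = getInitializedEncryptionProvider(jweHeaders);
    String ctString = null;
    MediaType contentMediaType = ctx.getMediaType();
    if (contentTypeRequired && contentMediaType != null) {
        // "application/<subtype>" is recorded as just "<subtype>", the usual JOSE "cty" abbreviation.
        if ("application".equals(contentMediaType.getType())) {
            ctString = contentMediaType.getSubtype();
        } else {
            ctString = JAXRSUtils.mediaTypeToString(contentMediaType);
        }
    }
    if (ctString != null) {
        jweHeaders.setContentType(ctString);
    }
    protectHttpHeadersIfNeeded(ctx, jweHeaders);
    if (useJweOutputStream) {
        JweEncryptionOutput encryption = theEncryptionProvider.getEncryptionOutput(new JweEncryptionInput(jweHeaders));
        JoseUtils.traceHeaders(encryption.getHeaders());
        try {
            JweCompactBuilder.startJweContent(actualOs, encryption.getHeaders(), encryption.getContentEncryptionKey(), encryption.getIv());
        } catch (IOException ex) {
            LOG.warning("JWE encryption error");
            throw new JweException(JweException.Error.CONTENT_ENCRYPTION_FAILURE, ex);
        }
        JweOutputStream jweOutputStream = new JweOutputStream(actualOs, encryption.getCipher(), encryption.getAuthTagProducer());
        DeflaterOutputStream deflaterStream = null;
        OutputStream wrappedStream = jweOutputStream;
        if (encryption.isCompressionSupported()) {
            deflaterStream = new DeflaterOutputStream(jweOutputStream);
            wrappedStream = deflaterStream;
        }
        ctx.setOutputStream(wrappedStream);
        ctx.proceed();
        setJoseMediaType(ctx);
        if (deflaterStream != null) {
            // A DeflaterOutputStream keeps data in the deflater until finish()/close();
            // without this the trailing compressed bytes never reach the cipher when the
            // writer did not close the stream. finish() is a no-op if it already did.
            deflaterStream.finish();
        }
        jweOutputStream.finalFlush();
    } else {
        byte[] plaintext;
        // try-with-resources: CachedOutputStream may back onto a temp file and must be closed.
        try (CachedOutputStream cos = new CachedOutputStream()) {
            ctx.setOutputStream(cos);
            ctx.proceed();
            plaintext = cos.getBytes();
        }
        String jweContent = theEncryptionProvider.encrypt(plaintext, jweHeaders);
        JoseUtils.traceHeaders(jweHeaders);
        setJoseMediaType(ctx);
        actualOs.write(StringUtils.toBytesUTF8(jweContent));
        actualOs.flush();
    }
}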