Example 1 with JweHeaders
use of org.apache.cxf.rs.security.jose.jwe.JweHeaders in project cxf by apache.
the class AbstractJweJsonWriterProvider method getInitializedEncryptionProviders.
protected List<JweEncryptionProvider> getInitializedEncryptionProviders(List<String> propLocs, JweHeaders sharedProtectedHeaders, List<JweHeaders> perRecipientUnprotectedHeaders) {
if (encProviders != null) {
return encProviders;
}
// The task is to have a single ContentEncryptionProvider instance,
// configured to generate CEK only once, paired with all the loaded
// KeyEncryptionProviders to have JweEncryptionProviders initialized
Message m = JAXRSUtils.getCurrentMessage();
// Load all the properties
List<Properties> propsList = new ArrayList<>(propLocs.size());
for (int i = 0; i < propLocs.size(); i++) {
propsList.add(JweUtils.loadJweProperties(m, propLocs.get(i)));
}
ContentAlgorithm ctAlgo = null;
// This set is to find out how many key encryption algorithms are used
// If only one then save it in the shared protected headers as opposed to
// per-recipient specific not protected ones
Set<KeyAlgorithm> keyAlgos = new HashSet<>();
List<KeyEncryptionProvider> keyProviders = new LinkedList<>();
for (int i = 0; i < propLocs.size(); i++) {
Properties props = propsList.get(i);
ContentAlgorithm currentCtAlgo = JweUtils.getContentEncryptionAlgorithm(m, props, ContentAlgorithm.A128GCM);
if (ctAlgo == null) {
ctAlgo = currentCtAlgo;
} else if (currentCtAlgo != null && !ctAlgo.equals(currentCtAlgo)) {
// ctAlgo must be the same for all the recipients
throw new JweException(JweException.Error.INVALID_CONTENT_ALGORITHM);
}
JweHeaders perRecipientUnprotectedHeader = perRecipientUnprotectedHeaders.get(i);
KeyEncryptionProvider keyEncryptionProvider = JweUtils.loadKeyEncryptionProvider(props, m, perRecipientUnprotectedHeader);
if (keyEncryptionProvider.getAlgorithm() == KeyAlgorithm.DIRECT && propLocs.size() > 1) {
throw new JweException(JweException.Error.INVALID_JSON_JWE);
}
keyProviders.add(keyEncryptionProvider);
keyAlgos.add(perRecipientUnprotectedHeader.getKeyEncryptionAlgorithm());
}
if (ctAlgo == null) {
throw new JweException(JweException.Error.INVALID_CONTENT_ALGORITHM);
}
sharedProtectedHeaders.setContentEncryptionAlgorithm(ctAlgo);
List<JweEncryptionProvider> theEncProviders = new LinkedList<>();
if (keyProviders.size() == 1 && keyProviders.get(0).getAlgorithm() == KeyAlgorithm.DIRECT) {
JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, propsList.get(0), KeyOperation.ENCRYPT);
if (jwk != null) {
ContentEncryptionProvider ctProvider = JweUtils.getContentEncryptionProvider(jwk, ctAlgo);
JweEncryptionProvider encProvider = new JweEncryption(keyProviders.get(0), ctProvider);
theEncProviders.add(encProvider);
}
} else {
ContentEncryptionProvider ctProvider = JweUtils.getContentEncryptionProvider(ctAlgo, true);
for (int i = 0; i < keyProviders.size(); i++) {
JweEncryptionProvider encProvider = new JweEncryption(keyProviders.get(i), ctProvider);
theEncProviders.add(encProvider);
}
}
if (keyAlgos.size() == 1) {
sharedProtectedHeaders.setKeyEncryptionAlgorithm(keyAlgos.iterator().next());
for (int i = 0; i < perRecipientUnprotectedHeaders.size(); i++) {
perRecipientUnprotectedHeaders.get(i).removeProperty(JoseConstants.JWE_HEADER_KEY_ENC_ALGORITHM);
}
}
return theEncProviders;
}
Also used :
ContentEncryptionProvider(org.apache.cxf.rs.security.jose.jwe.ContentEncryptionProvider)
KeyEncryptionProvider(org.apache.cxf.rs.security.jose.jwe.KeyEncryptionProvider)
Message(org.apache.cxf.message.Message)
JweEncryptionProvider(org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider)
ArrayList(java.util.ArrayList)
JsonWebKey(org.apache.cxf.rs.security.jose.jwk.JsonWebKey)
Properties(java.util.Properties)
JweEncryption(org.apache.cxf.rs.security.jose.jwe.JweEncryption)
LinkedList(java.util.LinkedList)
KeyAlgorithm(org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm)
JweHeaders(org.apache.cxf.rs.security.jose.jwe.JweHeaders)
JweException(org.apache.cxf.rs.security.jose.jwe.JweException)
ContentAlgorithm(org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm)
HashSet(java.util.HashSet)
Example 2 with JweHeaders
use of org.apache.cxf.rs.security.jose.jwe.JweHeaders in project cxf by apache.
the class JwtAuthenticationClientFilter method filter.
@Override
public void filter(ClientRequestContext requestContext) throws IOException {
JwtToken jwt = getJwtToken(requestContext);
if (jwt == null && super.isJweRequired()) {
AuthorizationPolicy ap = JAXRSUtils.getCurrentMessage().getExchange().getEndpoint().getEndpointInfo().getExtensor(AuthorizationPolicy.class);
if (ap != null && ap.getUserName() != null) {
JwtClaims claims = new JwtClaims();
claims.setSubject(ap.getUserName());
claims.setClaim("password", ap.getPassword());
claims.setIssuedAt(System.currentTimeMillis() / 1000L);
jwt = new JwtToken(new JweHeaders(), claims);
}
}
if (jwt == null) {
throw new JoseException("JWT token is not available");
}
String data = super.processJwt(jwt);
requestContext.getHeaders().putSingle(HttpHeaders.AUTHORIZATION, authScheme + " " + data);
}
Also used :
JwtToken(org.apache.cxf.rs.security.jose.jwt.JwtToken)
AuthorizationPolicy(org.apache.cxf.configuration.security.AuthorizationPolicy)
JwtClaims(org.apache.cxf.rs.security.jose.jwt.JwtClaims)
JoseException(org.apache.cxf.rs.security.jose.common.JoseException)
JweHeaders(org.apache.cxf.rs.security.jose.jwe.JweHeaders)
Example 3 with JweHeaders
use of org.apache.cxf.rs.security.jose.jwe.JweHeaders in project cxf by apache.
the class JoseJwtConsumer method getJwtToken.
public JwtToken getJwtToken(String wrappedJwtToken, JweDecryptionProvider theDecryptor, JwsSignatureVerifier theSigVerifier) {
super.checkProcessRequirements();
JweHeaders jweHeaders = new JweHeaders();
if (isJweRequired()) {
JweJwtCompactConsumer jwtConsumer = new JweJwtCompactConsumer(wrappedJwtToken);
if (theDecryptor == null) {
theDecryptor = getInitializedDecryptionProvider(jwtConsumer.getHeaders());
}
if (theDecryptor == null) {
throw new JwtException("Unable to decrypt JWT");
}
if (!isJwsRequired()) {
return jwtConsumer.decryptWith(theDecryptor);
}
JweDecryptionOutput decOutput = theDecryptor.decrypt(wrappedJwtToken);
wrappedJwtToken = decOutput.getContentText();
jweHeaders = decOutput.getHeaders();
}
JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(wrappedJwtToken);
JwtToken jwt = jwtConsumer.getJwtToken();
// Store the encryption headers as well
jwt = new JwtToken(jwt.getJwsHeaders(), jweHeaders, jwt.getClaims());
if (isJwsRequired()) {
if (theSigVerifier == null) {
theSigVerifier = getInitializedSignatureVerifier(jwt);
}
if (theSigVerifier == null) {
throw new JwtException("Unable to validate JWT");
}
if (!jwtConsumer.verifySignatureWith(theSigVerifier)) {
throw new JwtException("Invalid Signature");
}
}
validateToken(jwt);
return jwt;
}
Also used :
JweDecryptionOutput(org.apache.cxf.rs.security.jose.jwe.JweDecryptionOutput)
JwsJwtCompactConsumer(org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer)
JweJwtCompactConsumer(org.apache.cxf.rs.security.jose.jwe.JweJwtCompactConsumer)
JweHeaders(org.apache.cxf.rs.security.jose.jwe.JweHeaders)
Example 4 with JweHeaders
use of org.apache.cxf.rs.security.jose.jwe.JweHeaders in project cxf by apache.
the class JoseProducer method processData.
public String processData(String data) {
super.checkProcessRequirements();
JweEncryptionProvider theEncProvider = null;
JweHeaders jweHeaders = new JweHeaders();
if (isJweRequired()) {
theEncProvider = getInitializedEncryptionProvider(jweHeaders);
if (theEncProvider == null) {
throw new JoseException("Unable to encrypt the data");
}
}
if (isJwsRequired()) {
JwsHeaders jwsHeaders = new JwsHeaders();
JwsCompactProducer jws = new JwsCompactProducer(jwsHeaders, data);
JwsSignatureProvider theSigProvider = getInitializedSignatureProvider(jwsHeaders);
if (theSigProvider == null) {
throw new JoseException("Unable to sign the data");
}
data = jws.signWith(theSigProvider);
}
if (theEncProvider != null) {
data = theEncProvider.encrypt(StringUtils.toBytesUTF8(data), jweHeaders);
}
return data;
}
Also used :
JwsHeaders(org.apache.cxf.rs.security.jose.jws.JwsHeaders)
JweEncryptionProvider(org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider)
JwsCompactProducer(org.apache.cxf.rs.security.jose.jws.JwsCompactProducer)
JweHeaders(org.apache.cxf.rs.security.jose.jwe.JweHeaders)
JwsSignatureProvider(org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider)
Example 5 with JweHeaders
use of org.apache.cxf.rs.security.jose.jwe.JweHeaders in project cxf by apache.
the class JweWriterInterceptor method aroundWriteTo.
@Override
public void aroundWriteTo(WriterInterceptorContext ctx) throws IOException, WebApplicationException {
if (ctx.getEntity() == null) {
ctx.proceed();
return;
}
OutputStream actualOs = ctx.getOutputStream();
JweHeaders jweHeaders = new JweHeaders();
JweEncryptionProvider theEncryptionProvider = getInitializedEncryptionProvider(jweHeaders);
String ctString = null;
MediaType contentMediaType = ctx.getMediaType();
if (contentTypeRequired && contentMediaType != null) {
if ("application".equals(contentMediaType.getType())) {
ctString = contentMediaType.getSubtype();
} else {
ctString = JAXRSUtils.mediaTypeToString(contentMediaType);
}
}
if (ctString != null) {
jweHeaders.setContentType(ctString);
}
protectHttpHeadersIfNeeded(ctx, jweHeaders);
if (useJweOutputStream) {
JweEncryptionOutput encryption = theEncryptionProvider.getEncryptionOutput(new JweEncryptionInput(jweHeaders));
JoseUtils.traceHeaders(encryption.getHeaders());
try {
JweCompactBuilder.startJweContent(actualOs, encryption.getHeaders(), encryption.getEncryptedContentEncryptionKey(), encryption.getIv());
} catch (IOException ex) {
LOG.warning("JWE encryption error");
throw new JweException(JweException.Error.CONTENT_ENCRYPTION_FAILURE, ex);
}
JweOutputStream jweOutputStream = new JweOutputStream(actualOs, encryption.getCipher(), encryption.getAuthTagProducer());
ctx.setOutputStream(encryption.isCompressionSupported() ? new DeflaterOutputStream(jweOutputStream) : jweOutputStream);
ctx.proceed();
setJoseMediaType(ctx);
jweOutputStream.finalFlush();
} else {
CachedOutputStream cos = new CachedOutputStream();
ctx.setOutputStream(cos);
ctx.proceed();
String jweContent = theEncryptionProvider.encrypt(cos.getBytes(), jweHeaders);
JoseUtils.traceHeaders(jweHeaders);
setJoseMediaType(ctx);
IOUtils.copy(new ByteArrayInputStream(StringUtils.toBytesUTF8(jweContent)), actualOs);
actualOs.flush();
}
}
Also used :
JweOutputStream(org.apache.cxf.rs.security.jose.jwe.JweOutputStream)
JweEncryptionProvider(org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider)
DeflaterOutputStream(java.util.zip.DeflaterOutputStream)
JweOutputStream(org.apache.cxf.rs.security.jose.jwe.JweOutputStream)
OutputStream(java.io.OutputStream)
CachedOutputStream(org.apache.cxf.io.CachedOutputStream)
IOException(java.io.IOException)
JweHeaders(org.apache.cxf.rs.security.jose.jwe.JweHeaders)
CachedOutputStream(org.apache.cxf.io.CachedOutputStream)
JweEncryptionInput(org.apache.cxf.rs.security.jose.jwe.JweEncryptionInput)
JweEncryptionOutput(org.apache.cxf.rs.security.jose.jwe.JweEncryptionOutput)
JweException(org.apache.cxf.rs.security.jose.jwe.JweException)
ByteArrayInputStream(java.io.ByteArrayInputStream)
DeflaterOutputStream(java.util.zip.DeflaterOutputStream)
MediaType(javax.ws.rs.core.MediaType)
Aggregations
JweHeaders (org.apache.cxf.rs.security.jose.jwe.JweHeaders)11
JweEncryptionProvider (org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider)5
ByteArrayInputStream (java.io.ByteArrayInputStream)2
OutputStream (java.io.OutputStream)2
ArrayList (java.util.ArrayList)2
MediaType (javax.ws.rs.core.MediaType)2
CachedOutputStream (org.apache.cxf.io.CachedOutputStream)2
Message (org.apache.cxf.message.Message)2
JweException (org.apache.cxf.rs.security.jose.jwe.JweException)2
JweJsonProducer (org.apache.cxf.rs.security.jose.jwe.JweJsonProducer)2
JsonWebKey (org.apache.cxf.rs.security.jose.jwk.JsonWebKey)2
JwsHeaders (org.apache.cxf.rs.security.jose.jws.JwsHeaders)2
JwtClaims (org.apache.cxf.rs.security.jose.jwt.JwtClaims)2
IOException (java.io.IOException)1
Instant (java.time.Instant)1
HashMap (java.util.HashMap)1
HashSet (java.util.HashSet)1
LinkedList (java.util.LinkedList)1
Properties (java.util.Properties)1
DeflaterOutputStream (java.util.zip.DeflaterOutputStream)1
