
Example 6 with JsonWebKey

use of org.apache.cxf.rs.security.jose.jwk.JsonWebKey in project cxf by apache.

the class JwsUtils method loadSignatureProvider.

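/**
 * Builds the {@link JwsSignatureProvider} used to sign an outgoing JWS from the signature
 * configuration in {@code props}, the current message and the outgoing {@code headers}.
 * <p>
 * Two key-store flavours are handled:
 * <ul>
 *   <li>JWK store ({@code RSSEC_KEY_STORE_TYPE} equal to {@code HEADER_JSON_WEB_KEY}): the signing
 *       key is loaded with {@link JwkUtils#loadJsonWebKey}; the algorithm is resolved by
 *       {@code getSignatureAlgorithm} from the configuration, the key's own {@code alg} and a
 *       key-type default.</li>
 *   <li>Any other store: the algorithm is resolved from the configuration only. If it is
 *       {@link SignatureAlgorithm#NONE} an unsigned ({@code "none"}) provider is returned and no
 *       key is loaded; otherwise a private key is loaded with
 *       {@link KeyManagementUtils#loadPrivateKey} and, if no algorithm was configured, a default
 *       derived from that key is used.</li>
 * </ul>
 * Depending on the {@code RSSEC_SIGNATURE_INCLUDE_*} properties the certificate chain, a
 * certificate digest (SHA-1 takes precedence over SHA-256 when both are requested), the public
 * JWK and/or the key id are copied into {@code headers}.
 *
 * @param m the current message, consulted for per-request property overrides
 * @param props the signature configuration properties
 * @param headers the outgoing JWS headers, updated in place
 * @return the signature provider, never {@code null}
 * @throws JwsException with {@link JwsException.Error#NO_PROVIDER} when no provider could be
 *         created (for a JWK store: when no signing key was found)
 */
public static JwsSignatureProvider loadSignatureProvider(Message m, Properties props, JwsHeaders headers) {
    boolean includeCert = JoseUtils.checkBooleanProperty(headers, props, m, JoseConstants.RSSEC_SIGNATURE_INCLUDE_CERT);
    boolean includeCertSha1 = JoseUtils.checkBooleanProperty(headers, props, m, JoseConstants.RSSEC_SIGNATURE_INCLUDE_CERT_SHA1);
    boolean includeCertSha256 = JoseUtils.checkBooleanProperty(headers, props, m, JoseConstants.RSSEC_SIGNATURE_INCLUDE_CERT_SHA256);
    boolean includeKeyId = JoseUtils.checkBooleanProperty(headers, props, m, JoseConstants.RSSEC_SIGNATURE_INCLUDE_KEY_ID);

    // getProperty (rather than get) also consults the Properties defaults, which matches the
    // lookup loadPublicVerificationKeys performs for the same property.
    String storeType = props.getProperty(JoseConstants.RSSEC_KEY_STORE_TYPE);
    JwsSignatureProvider theSigProvider;
    if (JoseConstants.HEADER_JSON_WEB_KEY.equals(storeType)) {
        theSigProvider = loadJwkSigProvider(m, props, headers, includeCert, includeCertSha1, includeCertSha256, includeKeyId);
    } else {
        theSigProvider = loadPrivateKeySigProvider(m, props, headers, includeCert, includeCertSha1, includeCertSha256, includeKeyId);
    }
    if (theSigProvider == null) {
        LOG.warning("Provider is not available");
        throw new JwsException(JwsException.Error.NO_PROVIDER);
    }
    return theSigProvider;
}

/**
 * Creates the provider for a JWK key store and fills the certificate/key-id headers from the JWK.
 *
 * @return the provider, or {@code null} when no signing JWK could be loaded
 */
private static JwsSignatureProvider loadJwkSigProvider(Message m, Properties props, JwsHeaders headers,
                                                       boolean includeCert, boolean includeCertSha1,
                                                       boolean includeCertSha256, boolean includeKeyId) {
    JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, KeyOperation.SIGN);
    if (jwk == null) {
        return null;
    }
    SignatureAlgorithm signatureAlgo = getSignatureAlgorithm(m, props,
                                                             SignatureAlgorithm.getAlgorithm(jwk.getAlgorithm()),
                                                             getDefaultKeyAlgorithm(jwk));
    JwsSignatureProvider provider = JwsUtils.getSignatureProvider(jwk, signatureAlgo);
    // Only meaningful for a JWK store: the public half of the signing JWK can be embedded.
    boolean includePublicKey = JoseUtils.checkBooleanProperty(headers, props, m, JoseConstants.RSSEC_SIGNATURE_INCLUDE_PUBLIC_KEY);
    if (includeCert) {
        JwkUtils.includeCertChain(jwk, headers, signatureAlgo.getJwaName());
    }
    addCertDigestHeader(headers, m, props, includeCertSha1, includeCertSha256);
    if (includePublicKey) {
        JwkUtils.includePublicKey(jwk, headers, signatureAlgo.getJwaName());
    }
    if (includeKeyId && jwk.getKeyId() != null) {
        headers.setKeyId(jwk.getKeyId());
    }
    return provider;
}

/**
 * Creates the provider for a non-JWK key store: either the unsigned "none" provider when that
 * algorithm is configured, or a private-key provider with the certificate/key-id headers filled
 * from the key store configuration.
 */
private static JwsSignatureProvider loadPrivateKeySigProvider(Message m, Properties props, JwsHeaders headers,
                                                              boolean includeCert, boolean includeCertSha1,
                                                              boolean includeCertSha256, boolean includeKeyId) {
    SignatureAlgorithm signatureAlgo = getSignatureAlgorithm(m, props, null, null);
    if (signatureAlgo == SignatureAlgorithm.NONE) {
        // "none" is an explicit configuration choice; the resulting JWS carries no signature.
        return new NoneJwsSignatureProvider();
    }
    PrivateKey pk = KeyManagementUtils.loadPrivateKey(m, props, KeyOperation.SIGN);
    if (signatureAlgo == null) {
        signatureAlgo = getDefaultPrivateKeyAlgorithm(pk);
    }
    JwsSignatureProvider provider = getPrivateKeySignatureProvider(pk, signatureAlgo);
    if (includeCert) {
        headers.setX509Chain(KeyManagementUtils.loadAndEncodeX509CertificateOrChain(m, props));
    }
    addCertDigestHeader(headers, m, props, includeCertSha1, includeCertSha256);
    if (includeKeyId && props.containsKey(JoseConstants.RSSEC_KEY_STORE_ALIAS)) {
        headers.setKeyId(props.getProperty(JoseConstants.RSSEC_KEY_STORE_ALIAS));
    }
    return provider;
}

/**
 * Adds at most one certificate digest header: SHA-1 when requested, otherwise SHA-256 when
 * requested. Shared by both key-store flavours so the precedence stays identical.
 */
private static void addCertDigestHeader(JwsHeaders headers, Message m, Properties props,
                                        boolean includeCertSha1, boolean includeCertSha256) {
    if (includeCertSha1) {
        KeyManagementUtils.setSha1DigestHeader(headers, m, props);
    } else if (includeCertSha256) {
        KeyManagementUtils.setSha256DigestHeader(headers, m, props);
    }
}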
Also used : ECPrivateKey(java.security.interfaces.ECPrivateKey) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) PrivateKey(java.security.PrivateKey) JsonWebKey(org.apache.cxf.rs.security.jose.jwk.JsonWebKey) SignatureAlgorithm(org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm)

Example 7 with JsonWebKey

use of org.apache.cxf.rs.security.jose.jwk.JsonWebKey in project cxf by apache.

the class JwsUtils method loadPublicVerificationKeys.

/**
 * Loads the public key(s) a verifier should use for this configuration.
 * <p>
 * For a {@code "jwk"} key store the configured public JWK set is returned as-is. For any other
 * store a single JWK is built from a public key: the leaf of the configured X.509 chain when
 * {@code RSSEC_SIGNATURE_INCLUDE_CERT} is true and a chain is found, otherwise the key returned by
 * {@link KeyManagementUtils#loadPublicKey}. The JWK is marked for signature use and, when a chain
 * was loaded, carries the encoded chain as well.
 * <p>
 * NOTE(review): the store-type check uses the literal {@code "jwk"}, while
 * {@code loadSignatureProvider} compares against {@code JoseConstants.HEADER_JSON_WEB_KEY} — they
 * are presumably the same value; confirm before relying on it.
 *
 * @param m the current message
 * @param props the signature configuration properties
 * @return a key set holding the verification key(s)
 */
public static JsonWebKeys loadPublicVerificationKeys(Message m, Properties props) {
    if ("jwk".equals(props.getProperty(JoseConstants.RSSEC_KEY_STORE_TYPE))) {
        return JwkUtils.loadPublicJwkSet(m, props);
    }
    boolean chainRequested = PropertyUtils.isTrue(props.get(JoseConstants.RSSEC_SIGNATURE_INCLUDE_CERT));
    X509Certificate[] chain = chainRequested ? KeyManagementUtils.loadX509CertificateOrChain(m, props) : null;

    PublicKey verificationKey;
    if (chain != null && chain.length > 0) {
        verificationKey = chain[0].getPublicKey();
    } else {
        verificationKey = KeyManagementUtils.loadPublicKey(m, props);
    }
    JsonWebKey jwk = JwkUtils.fromPublicKey(verificationKey, props, JoseConstants.RSSEC_SIGNATURE_ALGORITHM);
    jwk.setPublicKeyUse(PublicKeyUse.SIGN);
    // An empty (non-null) chain is still encoded into the x5c header, as in the original code.
    if (chain != null) {
        jwk.setX509Chain(KeyManagementUtils.encodeX509CertificateChain(chain));
    }
    return new JsonWebKeys(jwk);
}
Also used : RSAPublicKey(java.security.interfaces.RSAPublicKey) PublicKey(java.security.PublicKey) ECPublicKey(java.security.interfaces.ECPublicKey) JsonWebKeys(org.apache.cxf.rs.security.jose.jwk.JsonWebKeys) JsonWebKey(org.apache.cxf.rs.security.jose.jwk.JsonWebKey) X509Certificate(java.security.cert.X509Certificate)

Example 8 with JsonWebKey

use of org.apache.cxf.rs.security.jose.jwk.JsonWebKey in project cxf by apache.

the class JwkJoseCookBookTest method testPublicSetAsMap.

/**
 * Reads the cookbook public key set and checks that grouping by key type yields exactly one RSA
 * key (5 map entries) and one EC key (6 map entries), each passing its validation helper.
 */
@Test
public void testPublicSetAsMap() throws Exception {
    Map<KeyType, List<JsonWebKey>> byType = readKeySet("cookbookPublicSet.txt").getKeyTypeMap();
    assertEquals(2, byType.size());

    List<JsonWebKey> rsaList = byType.get(KeyType.RSA);
    assertEquals(1, rsaList.size());
    JsonWebKey rsa = rsaList.get(0);
    assertEquals(5, rsa.asMap().size());
    validatePublicRsaKey(rsa);

    List<JsonWebKey> ecList = byType.get(KeyType.EC);
    assertEquals(1, ecList.size());
    JsonWebKey ec = ecList.get(0);
    assertEquals(6, ec.asMap().size());
    validatePublicEcKey(ec);
}
Also used : KeyType(org.apache.cxf.rs.security.jose.jwk.KeyType) JsonWebKeys(org.apache.cxf.rs.security.jose.jwk.JsonWebKeys) JsonWebKey(org.apache.cxf.rs.security.jose.jwk.JsonWebKey) List(java.util.List) Test(org.junit.Test)

Example 9 with JsonWebKey

use of org.apache.cxf.rs.security.jose.jwk.JsonWebKey in project cxf by apache.

the class JwsJoseCookBookTest method testRSAv15Signature.

/**
 * RS256 (RSASSA-PKCS1-v1_5) cookbook round-trip: signs the payload with the second private key of
 * the cookbook private set in compact, JSON general and JSON flattened serialisations, compares
 * each against the expected cookbook output, and verifies each with the matching public key.
 */
@Test
public void testRSAv15Signature() throws Exception {
    JsonWebKey rsaPrivate = readKeySet("cookbookPrivateSet.txt").getKeys().get(1);
    JsonWebKey rsaPublic = readKeySet("cookbookPublicSet.txt").getKeys().get(1);
    JsonMapObjectReaderWriter jsonWriter = new JsonMapObjectReaderWriter();
    String expectedUnsigned = RSA_V1_5_SIGNATURE_PROTECTED_HEADER + "." + ENCODED_PAYLOAD;

    // Compact serialisation.
    JwsCompactProducer producer = new JwsCompactProducer(PAYLOAD);
    JwsHeaders producerHeaders = producer.getJwsHeaders();
    producerHeaders.setSignatureAlgorithm(SignatureAlgorithm.RS256);
    producerHeaders.setKeyId(RSA_KID_VALUE);
    assertEquals(jsonWriter.toJson(producerHeaders.asMap()), RSA_V1_5_SIGNATURE_PROTECTED_HEADER_JSON);
    assertEquals(producer.getUnsignedEncodedJws(), expectedUnsigned);
    producer.signWith(rsaPrivate);
    String compactJws = producer.getSignedEncodedJws();
    assertEquals(compactJws, expectedUnsigned + "." + RSA_V1_5_SIGNATURE_VALUE);
    assertTrue(new JwsCompactConsumer(compactJws).verifySignatureWith(rsaPublic, SignatureAlgorithm.RS256));

    // JSON serialisation, general form.
    JwsHeaders protectedHeader = new JwsHeaders();
    protectedHeader.setSignatureAlgorithm(SignatureAlgorithm.RS256);
    protectedHeader.setKeyId(RSA_KID_VALUE);

    JwsJsonProducer general = new JwsJsonProducer(PAYLOAD);
    assertEquals(general.getPlainPayload(), PAYLOAD);
    assertEquals(general.getUnsignedEncodedPayload(), ENCODED_PAYLOAD);
    general.signWith(JwsUtils.getSignatureProvider(rsaPrivate, SignatureAlgorithm.RS256), protectedHeader);
    String generalDoc = general.getJwsJsonSignedDocument();
    assertEquals(generalDoc, RSA_V1_5_JSON_GENERAL_SERIALIZATION);
    assertTrue(new JwsJsonConsumer(generalDoc).verifySignatureWith(rsaPublic, SignatureAlgorithm.RS256));

    // JSON serialisation, flattened form.
    JwsJsonProducer flattened = new JwsJsonProducer(PAYLOAD, true);
    flattened.signWith(JwsUtils.getSignatureProvider(rsaPrivate, SignatureAlgorithm.RS256), protectedHeader);
    String flattenedDoc = flattened.getJwsJsonSignedDocument();
    assertEquals(flattenedDoc, RSA_V1_5_JSON_FLATTENED_SERIALIZATION);
    assertTrue(new JwsJsonConsumer(flattenedDoc).verifySignatureWith(rsaPublic, SignatureAlgorithm.RS256));
}
Also used : JwsHeaders(org.apache.cxf.rs.security.jose.jws.JwsHeaders) JwsCompactConsumer(org.apache.cxf.rs.security.jose.jws.JwsCompactConsumer) JwsCompactProducer(org.apache.cxf.rs.security.jose.jws.JwsCompactProducer) JsonWebKeys(org.apache.cxf.rs.security.jose.jwk.JsonWebKeys) JsonMapObjectReaderWriter(org.apache.cxf.jaxrs.json.basic.JsonMapObjectReaderWriter) JsonWebKey(org.apache.cxf.rs.security.jose.jwk.JsonWebKey) JwsJsonProducer(org.apache.cxf.rs.security.jose.jws.JwsJsonProducer) JwsJsonConsumer(org.apache.cxf.rs.security.jose.jws.JwsJsonConsumer) Test(org.junit.Test)

Example 10 with JsonWebKey

use of org.apache.cxf.rs.security.jose.jwk.JsonWebKey in project cxf by apache.

the class JwsJoseCookBookTest method testDetachedHMACSignature.

/**
 * HS256 cookbook round-trip with a detached payload: the compact form ends in an empty payload
 * segment, the JSON forms are produced with the detached flag, and every consumer is given the
 * encoded payload out of band before verifying against the expected cookbook output.
 */
@Test
public void testDetachedHMACSignature() throws Exception {
    JsonWebKey hmacKey = readKeySet("cookbookSecretSet.txt").getKeys().get(0);
    JsonMapObjectReaderWriter jsonWriter = new JsonMapObjectReaderWriter();

    // Compact serialisation, detached payload.
    JwsCompactProducer producer = new JwsCompactProducer(PAYLOAD, true);
    JwsHeaders producerHeaders = producer.getJwsHeaders();
    producerHeaders.setSignatureAlgorithm(SignatureAlgorithm.HS256);
    producerHeaders.setKeyId(HMAC_KID_VALUE);
    assertEquals(jsonWriter.toJson(producerHeaders.asMap()), HMAC_SIGNATURE_PROTECTED_HEADER_JSON);
    assertEquals(producer.getUnsignedEncodedJws(), HMAC_SIGNATURE_PROTECTED_HEADER + ".");
    producer.signWith(hmacKey);
    String compactJws = producer.getSignedEncodedJws();
    assertEquals(compactJws, DETACHED_HMAC_JWS);
    JwsCompactConsumer compactConsumer = new JwsCompactConsumer(compactJws, ENCODED_PAYLOAD);
    assertTrue(compactConsumer.verifySignatureWith(hmacKey, SignatureAlgorithm.HS256));

    // JSON serialisation, general form.
    JwsHeaders protectedHeader = new JwsHeaders();
    protectedHeader.setSignatureAlgorithm(SignatureAlgorithm.HS256);
    protectedHeader.setKeyId(HMAC_KID_VALUE);

    JwsJsonProducer general = new JwsJsonProducer(PAYLOAD);
    assertEquals(general.getPlainPayload(), PAYLOAD);
    assertEquals(general.getUnsignedEncodedPayload(), ENCODED_PAYLOAD);
    general.signWith(JwsUtils.getSignatureProvider(hmacKey, SignatureAlgorithm.HS256), protectedHeader);
    String generalDoc = general.getJwsJsonSignedDocument(true);
    assertEquals(generalDoc, HMAC_DETACHED_JSON_GENERAL_SERIALIZATION);
    JwsJsonConsumer generalConsumer = new JwsJsonConsumer(generalDoc, ENCODED_PAYLOAD);
    assertTrue(generalConsumer.verifySignatureWith(hmacKey, SignatureAlgorithm.HS256));

    // JSON serialisation, flattened form.
    JwsJsonProducer flattened = new JwsJsonProducer(PAYLOAD, true);
    flattened.signWith(JwsUtils.getSignatureProvider(hmacKey, SignatureAlgorithm.HS256), protectedHeader);
    String flattenedDoc = flattened.getJwsJsonSignedDocument(true);
    assertEquals(flattenedDoc, HMAC_DETACHED_JSON_FLATTENED_SERIALIZATION);
    JwsJsonConsumer flattenedConsumer = new JwsJsonConsumer(flattenedDoc, ENCODED_PAYLOAD);
    assertTrue(flattenedConsumer.verifySignatureWith(hmacKey, SignatureAlgorithm.HS256));
}
Also used : JwsHeaders(org.apache.cxf.rs.security.jose.jws.JwsHeaders) JwsCompactConsumer(org.apache.cxf.rs.security.jose.jws.JwsCompactConsumer) JwsCompactProducer(org.apache.cxf.rs.security.jose.jws.JwsCompactProducer) JsonWebKeys(org.apache.cxf.rs.security.jose.jwk.JsonWebKeys) JsonMapObjectReaderWriter(org.apache.cxf.jaxrs.json.basic.JsonMapObjectReaderWriter) JsonWebKey(org.apache.cxf.rs.security.jose.jwk.JsonWebKey) JwsJsonProducer(org.apache.cxf.rs.security.jose.jws.JwsJsonProducer) JwsJsonConsumer(org.apache.cxf.rs.security.jose.jws.JwsJsonConsumer) Test(org.junit.Test)
