Example use of org.apache.cxf.rs.security.jose.jws.JwsCompactConsumer in the Apache CXF project.
Class JwsJoseCookBookTest, method testRSAv15Signature.
/**
 * Signs the cookbook payload with RS256 and compares the result with stored expected
 * values in three serializations: compact, general JSON and flattened JSON. Each
 * signed document is then verified with the key read from the public key set.
 *
 * <p>RS256 is RSASSA-PKCS1-v1_5 with SHA-256, a deterministic scheme: the same key and
 * signing input always produce the same signature bytes. That is what makes the exact
 * comparison with a stored signature value possible here.
 *
 * <p>Every verification call passes the expected algorithm next to the key, presumably
 * so the check does not rest on the token's own {@code alg} header alone (confirm
 * against the consumer classes).
 */
@Test
public void testRSAv15Signature() throws Exception {
    final String expectedSigningInput = RSA_V1_5_SIGNATURE_PROTECTED_HEADER + "." + ENCODED_PAYLOAD;

    // --- Compact serialization -------------------------------------------------
    JwsCompactProducer compactSigner = new JwsCompactProducer(PAYLOAD);
    compactSigner.getJwsHeaders().setSignatureAlgorithm(SignatureAlgorithm.RS256);
    compactSigner.getJwsHeaders().setKeyId(RSA_KID_VALUE);
    assertEquals(new JsonMapObjectReaderWriter().toJson(compactSigner.getJwsHeaders().asMap()),
                 RSA_V1_5_SIGNATURE_PROTECTED_HEADER_JSON);
    assertEquals(compactSigner.getUnsignedEncodedJws(), expectedSigningInput);

    // Entry 1 of the private set is taken as the RSA signing key
    // (position inside the fixture file is assumed, not shown here).
    JsonWebKey privateRsaKey = readKeySet("cookbookPrivateSet.txt").getKeys().get(1);
    compactSigner.signWith(privateRsaKey);
    assertEquals(compactSigner.getSignedEncodedJws(),
                 expectedSigningInput + "." + RSA_V1_5_SIGNATURE_VALUE);

    // The verifying side loads its key from the public set, not from the private one.
    JwsCompactConsumer compactVerifier = new JwsCompactConsumer(compactSigner.getSignedEncodedJws());
    JsonWebKey publicRsaKey = readKeySet("cookbookPublicSet.txt").getKeys().get(1);
    assertTrue(compactVerifier.verifySignatureWith(publicRsaKey, SignatureAlgorithm.RS256));

    // --- General JSON serialization ---------------------------------------------
    JwsJsonProducer generalSigner = new JwsJsonProducer(PAYLOAD);
    assertEquals(generalSigner.getPlainPayload(), PAYLOAD);
    assertEquals(generalSigner.getUnsignedEncodedPayload(), ENCODED_PAYLOAD);

    JwsHeaders protectedHeaders = new JwsHeaders();
    protectedHeaders.setSignatureAlgorithm(SignatureAlgorithm.RS256);
    protectedHeaders.setKeyId(RSA_KID_VALUE);

    generalSigner.signWith(JwsUtils.getSignatureProvider(privateRsaKey, SignatureAlgorithm.RS256),
                           protectedHeaders);
    assertEquals(generalSigner.getJwsJsonSignedDocument(), RSA_V1_5_JSON_GENERAL_SERIALIZATION);
    JwsJsonConsumer generalVerifier = new JwsJsonConsumer(generalSigner.getJwsJsonSignedDocument());
    assertTrue(generalVerifier.verifySignatureWith(publicRsaKey, SignatureAlgorithm.RS256));

    // --- Flattened JSON serialization -------------------------------------------
    // The second constructor argument selects the flattened form, judging by the
    // expected-value constant this output is compared with.
    JwsJsonProducer flattenedSigner = new JwsJsonProducer(PAYLOAD, true);
    flattenedSigner.signWith(JwsUtils.getSignatureProvider(privateRsaKey, SignatureAlgorithm.RS256),
                             protectedHeaders);
    assertEquals(flattenedSigner.getJwsJsonSignedDocument(), RSA_V1_5_JSON_FLATTENED_SERIALIZATION);
    JwsJsonConsumer flattenedVerifier = new JwsJsonConsumer(flattenedSigner.getJwsJsonSignedDocument());
    assertTrue(flattenedVerifier.verifySignatureWith(publicRsaKey, SignatureAlgorithm.RS256));
}
Example use of org.apache.cxf.rs.security.jose.jws.JwsCompactConsumer in the Apache CXF project.
Class JwsJoseCookBookTest, method testDetachedHMACSignature.
/**
 * Signs the cookbook payload with HS256 using detached content and compares the result
 * with stored expected values in compact, general JSON and flattened JSON form.
 *
 * <p>With detached content the payload is left out of the serialized JWS, so each
 * consumer below is handed {@code ENCODED_PAYLOAD} separately before it verifies.
 *
 * <p>HS256 is an HMAC: the same secret key signs and verifies (the one {@code secretKey}
 * is used for both below), so every party able to verify is also able to produce a
 * valid signature.
 */
@Test
public void testDetachedHMACSignature() throws Exception {
    // --- Compact serialization, detached payload ---------------------------------
    JwsCompactProducer compactSigner = new JwsCompactProducer(PAYLOAD, true);
    compactSigner.getJwsHeaders().setSignatureAlgorithm(SignatureAlgorithm.HS256);
    compactSigner.getJwsHeaders().setKeyId(HMAC_KID_VALUE);
    assertEquals(new JsonMapObjectReaderWriter().toJson(compactSigner.getJwsHeaders().asMap()),
                 HMAC_SIGNATURE_PROTECTED_HEADER_JSON);
    // Header, separator, and an empty payload segment.
    assertEquals(compactSigner.getUnsignedEncodedJws(), HMAC_SIGNATURE_PROTECTED_HEADER + ".");

    JsonWebKey secretKey = readKeySet("cookbookSecretSet.txt").getKeys().get(0);
    compactSigner.signWith(secretKey);
    assertEquals(compactSigner.getSignedEncodedJws(), DETACHED_HMAC_JWS);

    // The payload travels out of band and is supplied to the consumer next to the JWS.
    JwsCompactConsumer compactVerifier =
        new JwsCompactConsumer(compactSigner.getSignedEncodedJws(), ENCODED_PAYLOAD);
    assertTrue(compactVerifier.verifySignatureWith(secretKey, SignatureAlgorithm.HS256));

    // --- General JSON serialization, detached on output ---------------------------
    JwsJsonProducer generalSigner = new JwsJsonProducer(PAYLOAD);
    assertEquals(generalSigner.getPlainPayload(), PAYLOAD);
    assertEquals(generalSigner.getUnsignedEncodedPayload(), ENCODED_PAYLOAD);

    JwsHeaders protectedHeaders = new JwsHeaders();
    protectedHeaders.setSignatureAlgorithm(SignatureAlgorithm.HS256);
    protectedHeaders.setKeyId(HMAC_KID_VALUE);

    generalSigner.signWith(JwsUtils.getSignatureProvider(secretKey, SignatureAlgorithm.HS256),
                           protectedHeaders);
    // getJwsJsonSignedDocument(true) is compared with the *detached* expected value,
    // so the flag presumably drops the payload member from the document.
    assertEquals(generalSigner.getJwsJsonSignedDocument(true), HMAC_DETACHED_JSON_GENERAL_SERIALIZATION);
    JwsJsonConsumer generalVerifier =
        new JwsJsonConsumer(generalSigner.getJwsJsonSignedDocument(true), ENCODED_PAYLOAD);
    assertTrue(generalVerifier.verifySignatureWith(secretKey, SignatureAlgorithm.HS256));

    // --- Flattened JSON serialization, detached on output -------------------------
    JwsJsonProducer flattenedSigner = new JwsJsonProducer(PAYLOAD, true);
    flattenedSigner.signWith(JwsUtils.getSignatureProvider(secretKey, SignatureAlgorithm.HS256),
                             protectedHeaders);
    assertEquals(flattenedSigner.getJwsJsonSignedDocument(true), HMAC_DETACHED_JSON_FLATTENED_SERIALIZATION);
    JwsJsonConsumer flattenedVerifier =
        new JwsJsonConsumer(flattenedSigner.getJwsJsonSignedDocument(true), ENCODED_PAYLOAD);
    assertTrue(flattenedVerifier.verifySignatureWith(secretKey, SignatureAlgorithm.HS256));
}
Example use of org.apache.cxf.rs.security.jose.jws.JwsCompactConsumer in the Apache CXF project.
Class JoseConsumer, method getData.
/**
 * Unwraps a compact JOSE token and returns its content as text.
 *
 * <p>Depending on {@code isJweRequired()} and {@code isJwsRequired()} the input is
 * handled as a JWE, as a JWS, or as a JWS nested inside a JWE (decrypt first, then
 * verify the signature of the decrypted content).
 *
 * @param data the compact-serialized token
 * @return the decrypted content when only JWE is required, otherwise the decoded JWS
 *         payload
 * @throws JwtException if no decryption provider or signature verifier could be
 *         initialized, or if the signature does not verify
 */
public String getData(String data) {
    super.checkProcessRequirements();

    String jwsInput = data;
    if (isJweRequired()) {
        JweCompactConsumer jwe = new JweCompactConsumer(data);
        JweDecryptionProvider decryptor = getInitializedDecryptionProvider(jwe.getJweHeaders());
        if (decryptor == null) {
            throw new JwtException("Unable to decrypt JWT");
        }
        if (!isJwsRequired()) {
            // Encryption only: the decrypted text is the result, no signature step follows.
            return jwe.getDecryptedContentText(decryptor);
        }
        // Nested token: the decrypted content is itself a compact JWS.
        jwsInput = decryptor.decrypt(data).getContentText();
    }

    JwsCompactConsumer jws = new JwsCompactConsumer(jwsInput);
    if (isJwsRequired()) {
        // NOTE(review): the verifier is resolved from the headers of a token whose
        // signature has not been checked yet. Confirm that the helper takes algorithm and
        // key from configuration and does not let the header choose them.
        JwsSignatureVerifier verifier = getInitializedSignatureVerifier(jws.getJwsHeaders());
        if (verifier == null) {
            throw new JwtException("Unable to validate JWT");
        }
        if (!jws.verifySignatureWith(verifier)) {
            throw new JwtException("Invalid Signature");
        }
    }
    // When neither flag is set this line is reached with no signature check at all;
    // presumably checkProcessRequirements() rejects that configuration (confirm).
    return jws.getDecodedJwsPayload();
}
Example use of org.apache.cxf.rs.security.jose.jws.JwsCompactConsumer in the Apache CXF project.
Class JwsClientResponseFilter, method filter.
/**
 * Verifies a compact-JWS response body and replaces it with the signed payload.
 *
 * <p>After a successful check the entity stream, {@code Content-Length} and, when one
 * can be determined, {@code Content-Type} are rewritten to describe the payload.
 *
 * <p>Responses that take the early return are passed on without any signature check.
 *
 * @param req the request that produced this response; only its HTTP method is read
 * @param res the response whose entity is verified and replaced
 * @throws JwsException with {@code INVALID_SIGNATURE} when verification fails
 * @throws IOException declared by the filter signature
 */
@Override
public void filter(ClientRequestContext req, ClientResponseContext res) throws IOException {
    // && binds tighter than ||; the parentheses only make the original grouping visible.
    boolean nothingToVerify = isMethodWithNoContent(req.getMethod())
        || (isCheckEmptyStream() && !res.hasEntity());
    if (nothingToVerify) {
        return;
    }

    // NOTE(review): the whole entity is read into memory before the signature is
    // checked; any size limit has to be enforced elsewhere (not visible here).
    JwsCompactConsumer jws = new JwsCompactConsumer(IOUtils.readStringFromStream(res.getEntityStream()));
    // NOTE(review): the verifier is used without a null check; presumably
    // getInitializedSigVerifier fails on its own when none is configured (confirm).
    JwsSignatureVerifier verifier = getInitializedSigVerifier(jws.getJwsHeaders());
    if (!jws.verifySignatureWith(verifier)) {
        throw new JwsException(JwsException.Error.INVALID_SIGNATURE);
    }

    // From here on only signature-checked data is handed to the rest of the chain.
    byte[] payload = jws.getDecodedJwsPayloadBytes();
    res.setEntityStream(new ByteArrayInputStream(payload));
    res.getHeaders().putSingle("Content-Length", Integer.toString(payload.length));

    // The content type comes from the JWS header; in compact serialization the header
    // is part of the signing input.
    String contentType = JoseUtils.checkContentType(jws.getJwsHeaders().getContentType(),
                                                    getDefaultMediaType());
    if (contentType != null) {
        res.getHeaders().putSingle("Content-Type", contentType);
    }

    if (super.isValidateHttpHeaders()) {
        super.validateHttpHeadersIfNeeded(res.getHeaders(), jws.getJwsHeaders());
    }
}
Example use of org.apache.cxf.rs.security.jose.jws.JwsCompactConsumer in the Apache CXF project.
Class JwsContainerRequestFilter, method filter.
/**
 * Verifies a compact-JWS request body and replaces it with the signed payload.
 *
 * <p>A request whose signature does not verify is aborted with HTTP 400. On success
 * the entity stream, {@code Content-Length} and, when one can be determined,
 * {@code Content-Type} are rewritten to describe the payload. If the request carries no
 * named principal yet, a security context built from the signature verifier is stored
 * on the current message.
 *
 * <p>Requests that take the early return are passed on without any signature check.
 *
 * @param context the incoming request
 * @throws IOException declared by the filter signature
 */
@Override
public void filter(ContainerRequestContext context) throws IOException {
    // && binds tighter than ||; the parentheses only make the original grouping visible.
    boolean nothingToVerify = isMethodWithNoContent(context.getMethod())
        || (isCheckEmptyStream() && !context.hasEntity());
    if (nothingToVerify) {
        return;
    }

    // NOTE(review): the whole request body is read into memory before the signature is
    // checked, so this runs on unauthenticated input; any body-size limit has to be
    // enforced elsewhere (not visible here).
    JwsCompactConsumer jws = new JwsCompactConsumer(IOUtils.readStringFromStream(context.getEntityStream()));
    // NOTE(review): the verifier is used without a null check; presumably
    // getInitializedSigVerifier fails on its own when none is configured (confirm).
    JwsSignatureVerifier verifier = getInitializedSigVerifier(jws.getJwsHeaders());
    if (!jws.verifySignatureWith(verifier)) {
        context.abortWith(JAXRSUtils.toResponse(400));
        return;
    }

    // Runs only once the signature has verified; what it checks is defined in JoseUtils.
    JoseUtils.validateRequestContextProperty(jws.getJwsHeaders());

    // From here on only signature-checked data is handed to the rest of the chain.
    byte[] payload = jws.getDecodedJwsPayloadBytes();
    context.setEntityStream(new ByteArrayInputStream(payload));
    context.getHeaders().putSingle("Content-Length", Integer.toString(payload.length));

    // The content type comes from the JWS header; in compact serialization the header
    // is part of the signing input.
    String contentType = JoseUtils.checkContentType(jws.getJwsHeaders().getContentType(),
                                                    getDefaultMediaType());
    if (contentType != null) {
        context.getHeaders().putSingle("Content-Type", contentType);
    }

    if (super.isValidateHttpHeaders()) {
        super.validateHttpHeadersIfNeeded(context.getHeaders(), jws.getJwsHeaders());
    }

    // A principal that already has a name is left in place; the JWS-derived security
    // context is installed only when there is none.
    Principal existingPrincipal = context.getSecurityContext().getUserPrincipal();
    if (existingPrincipal != null && existingPrincipal.getName() != null) {
        return;
    }
    SecurityContext jwsSecurityContext = configureSecurityContext(verifier);
    if (jwsSecurityContext != null) {
        JAXRSUtils.getCurrentMessage().put(SecurityContext.class, jwsSecurityContext);
    }
}