
Example 1 with JwsSignatureProvider

use of org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider in project cxf by apache.

the class JoseClientCodeStateManager method toRedirectState.

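@Override
public MultivaluedMap<String, String> toRedirectState(MessageContext mc, MultivaluedMap<String, String> requestState) {
    JweEncryptionProvider theEncryptionProvider = getInitializedEncryptionProvider();
    JwsSignatureProvider theSigProvider = getInitializedSigProvider(theEncryptionProvider);
    // Refuse to emit a state that is neither signed (integrity) nor encrypted
    // (confidentiality): an unprotected state could be altered or read on the
    // user-agent side before it comes back.
    if (theEncryptionProvider == null && theSigProvider == null) {
        throw new OAuthServiceException("The state can not be protected");
    }
    MultivaluedMap<String, String> redirectMap = new MetadataMap<String, String>();
    if (generateNonce && theSigProvider != null) {
        // The nonce is a random token wrapped in a compact JWS; the same value is
        // recorded in the request state and in the redirect parameters.
        JwsCompactProducer nonceProducer = new JwsCompactProducer(OAuthUtils.generateRandomTokenKey());
        String nonceParam = nonceProducer.signWith(theSigProvider);
        requestState.putSingle(OAuthConstants.NONCE, nonceParam);
        redirectMap.putSingle(OAuthConstants.NONCE, nonceParam);
    }
    Map<String, Object> stateMap = CastUtils.cast((Map<?, ?>) requestState);
    String json = jsonp.toJson(stateMap);
    String stateParam = null;
    if (theSigProvider != null) {
        // Sign the JSON-serialized state as a compact JWS.
        JwsCompactProducer stateProducer = new JwsCompactProducer(json);
        stateParam = stateProducer.signWith(theSigProvider);
    }
    if (theEncryptionProvider != null) {
        // Sign-then-encrypt: the JWS string is the JWE payload. If no signature
        // provider was available nothing was produced above and the encrypt call
        // would presumably fail with a NullPointerException inside toBytesUTF8;
        // report the real cause instead.
        if (stateParam == null) {
            throw new OAuthServiceException("The state can not be protected");
        }
        stateParam = theEncryptionProvider.encrypt(StringUtils.toBytesUTF8(stateParam), null);
    }
    if (storeInSession) {
        // Keep the protected state server-side under a random attribute name and
        // send only that name as the "state" parameter.
        String sessionStateAttribute = OAuthUtils.generateRandomTokenKey();
        OAuthUtils.setSessionToken(mc, stateParam, sessionStateAttribute, 0);
        stateParam = sessionStateAttribute;
    }
    redirectMap.putSingle(OAuthConstants.STATE, stateParam);
    return redirectMap;
}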

Example 2 with JwsSignatureProvider

use of org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider in project cxf by apache.

the class JwsJsonWriterInterceptor method aroundWriteTo.

@Override
public void aroundWriteTo(WriterInterceptorContext ctx) throws IOException, WebApplicationException {
    // No entity: nothing to sign, just continue the chain.
    if (ctx.getEntity() == null) {
        ctx.proceed();
        return;
    }
    List<String> propertyLocations = getPropertyLocations();
    // One fresh protected header per configured property location; the provider
    // lookup receives them and may populate them.
    List<JwsHeaders> headersPerSigner = new ArrayList<>(propertyLocations.size());
    for (int idx = 0; idx < propertyLocations.size(); idx++) {
        headersPerSigner.add(new JwsHeaders());
    }
    List<JwsSignatureProvider> signers = getInitializedSigProviders(propertyLocations, headersPerSigner);
    OutputStream wireStream = ctx.getOutputStream();
    if (useJwsOutputStream) {
        // Streaming mode: every signature is primed with its base64url-encoded
        // protected header plus the '.' separator before the payload is written.
        int signerCount = signers.size();
        List<String> encodedHeaders = new ArrayList<>(signerCount);
        List<JwsSignature> pendingSignatures = new ArrayList<>(signerCount);
        for (int idx = 0; idx < signerCount; idx++) {
            JwsSignatureProvider signer = signers.get(idx);
            JwsHeaders header = headersPerSigner.get(idx);
            prepareProtectedHeader(header, ctx, signer, signerCount == 1);
            String encodedHeader = Base64UrlUtility.encode(writer.toJson(header));
            encodedHeaders.add(encodedHeader);
            JwsSignature pending = signer.createJwsSignature(header);
            byte[] signingPrefix = StringUtils.toBytesUTF8(encodedHeader + ".");
            pending.update(signingPrefix, 0, signingPrefix.length);
            pendingSignatures.add(pending);
        }
        ctx.setMediaType(JAXRSUtils.toMediaType(JoseConstants.MEDIA_TYPE_JOSE_JSON));
        wireStream.write(StringUtils.toBytesUTF8("{\"payload\":\""));
        JwsJsonOutputStream jwsStream = new JwsJsonOutputStream(wireStream, encodedHeaders, pendingSignatures);
        // Optionally base64url-encode the payload on its way into the JWS stream.
        Base64UrlOutputStream base64Stream = encodePayload ? new Base64UrlOutputStream(jwsStream) : null;
        ctx.setOutputStream(base64Stream != null ? base64Stream : jwsStream);
        ctx.proceed();
        if (base64Stream != null) {
            base64Stream.flush();
        }
        jwsStream.flush();
    } else {
        // Buffered mode: capture the whole serialized entity, then sign it.
        // NOTE(review): the CachedOutputStream is never closed here; if it spilled to a
        // temporary file that file is not released by this method — confirm the runtime
        // closes the stream installed via ctx.setOutputStream.
        CachedOutputStream buffer = new CachedOutputStream();
        ctx.setOutputStream(buffer);
        ctx.proceed();
        String payload = new String(buffer.getBytes(), StandardCharsets.UTF_8);
        JwsJsonProducer producer = new JwsJsonProducer(payload);
        int signerCount = signers.size();
        for (int idx = 0; idx < signerCount; idx++) {
            JwsSignatureProvider signer = signers.get(idx);
            JwsHeaders header = headersPerSigner.get(idx);
            prepareProtectedHeader(header, ctx, signer, signerCount == 1);
            producer.signWith(signer, header, null);
        }
        ctx.setMediaType(JAXRSUtils.toMediaType(JoseConstants.MEDIA_TYPE_JOSE_JSON));
        writeJws(producer, wireStream);
    }
}

Example 3 with JwsSignatureProvider

use of org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider in project cxf by apache.

the class JwsWriterInterceptor method aroundWriteTo.

@Override
public void aroundWriteTo(WriterInterceptorContext ctx) throws IOException, WebApplicationException {
    // No entity: nothing to sign, just continue the chain.
    if (ctx.getEntity() == null) {
        ctx.proceed();
        return;
    }
    JwsHeaders headers = new JwsHeaders();
    JwsSignatureProvider signer = getInitializedSigProvider(headers);
    // NOTE(review): signer is dereferenced below without a null check; confirm that
    // getInitializedSigProvider never returns null (JoseProducer.processData does check).
    setContentTypeIfNeeded(headers, ctx);
    if (!encodePayload) {
        // b64=false: the payload is signed and transmitted unencoded.
        headers.setPayloadEncodingStatus(false);
    }
    protectHttpHeadersIfNeeded(ctx, headers);
    OutputStream wireStream = ctx.getOutputStream();
    if (!useJwsOutputStream) {
        // Buffered mode: capture the whole serialized entity, then sign it.
        // NOTE(review): the CachedOutputStream is never closed here — see the same
        // pattern in JwsJsonWriterInterceptor; confirm the runtime closes it.
        CachedOutputStream buffer = new CachedOutputStream();
        ctx.setOutputStream(buffer);
        ctx.proceed();
        String payload = new String(buffer.getBytes(), StandardCharsets.UTF_8);
        JwsCompactProducer producer = new JwsCompactProducer(headers, payload);
        setJoseMediaType(ctx);
        writeJws(producer, signer, wireStream);
        return;
    }
    // Streaming mode: write "<base64url(header)>." straight to the wire and let the
    // JWS stream accumulate the signature as the payload passes through.
    JwsSignature signature = signer.createJwsSignature(headers);
    JoseUtils.traceHeaders(headers);
    JwsOutputStream jwsStream = new JwsOutputStream(wireStream, signature, true);
    byte[] headerJson = StringUtils.toBytesUTF8(writer.toJson(headers));
    Base64UrlUtility.encodeAndStream(headerJson, 0, headerJson.length, jwsStream);
    jwsStream.write(new byte[] { '.' });
    Base64UrlOutputStream base64Stream = encodePayload ? new Base64UrlOutputStream(jwsStream) : null;
    ctx.setOutputStream(base64Stream != null ? base64Stream : jwsStream);
    ctx.proceed();
    setJoseMediaType(ctx);
    if (base64Stream != null) {
        base64Stream.flush();
    }
    jwsStream.flush();
}

Example 4 with JwsSignatureProvider

use of org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider in project cxf by apache.

the class AbstractJwsMultipartSignatureFilter method getAttachmentParts.

protected List<Object> getAttachmentParts(Object rootEntity) {
    List<Object> parts;
    if (rootEntity instanceof MultipartBody) {
        // NOTE(review): this is the body's own attachment list and the signature part
        // is appended to it below — confirm getAllAttachments() returns a mutable list.
        parts = CastUtils.cast(((MultipartBody) rootEntity).getAllAttachments());
    } else if (rootEntity instanceof List) {
        List<Object> entries = CastUtils.cast((List<?>) rootEntity);
        parts = new ArrayList<Object>(entries);
    } else {
        parts = new ArrayList<Object>();
        parts.add(rootEntity);
    }
    JwsHeaders headers = new JwsHeaders();
    // b64=false: the multipart payload is signed as raw bytes.
    headers.setPayloadEncodingStatus(false);
    JwsSignatureProvider signer = sigProvider;
    if (signer == null) {
        signer = JwsUtils.loadSignatureProvider(headers, true);
    }
    JwsSignature signature = signer.createJwsSignature(headers);
    String encodedHeaders = Base64UrlUtility.encode(writer.toJson(headers));
    // The signing input begins with the encoded header and the '.' separator; the
    // payload bytes are presumably fed in later by the registered out filter.
    byte[] signingPrefix = StringUtils.toBytesASCII(encodedHeaders + ".");
    signature.update(signingPrefix, 0, signingPrefix.length);
    AttachmentUtils.addMultipartOutFilter(new JwsMultipartSignatureOutFilter(signature));
    JwsDetachedSignature detached = new JwsDetachedSignature(headers, encodedHeaders, signature, useJwsJsonSignatureFormat);
    parts.add(new Attachment("signature", JoseConstants.MEDIA_TYPE_JOSE, detached));
    return parts;
}

Example 5 with JwsSignatureProvider

use of org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider in project cxf by apache.

the class JoseProducer method processData.

public String processData(String data) {
    super.checkProcessRequirements();
    JweHeaders jweHeaders = new JweHeaders();
    JweEncryptionProvider encryptor = null;
    if (isJweRequired()) {
        // Resolve the encryptor up front so a missing one fails before any signing work.
        encryptor = getInitializedEncryptionProvider(jweHeaders);
        if (encryptor == null) {
            throw new JoseException("Unable to encrypt the data");
        }
    }
    String result = data;
    if (isJwsRequired()) {
        JwsHeaders jwsHeaders = new JwsHeaders();
        JwsCompactProducer producer = new JwsCompactProducer(jwsHeaders, result);
        JwsSignatureProvider signer = getInitializedSignatureProvider(jwsHeaders);
        if (signer == null) {
            throw new JoseException("Unable to sign the data");
        }
        result = producer.signWith(signer);
    }
    // Sign-then-encrypt: when both are required the compact JWS becomes the JWE payload.
    if (encryptor != null) {
        result = encryptor.encrypt(StringUtils.toBytesUTF8(result), jweHeaders);
    }
    return result;
}
