Example 1 with JwsSignatureProvider
use of org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider in project cxf by apache.
the class JoseClientCodeStateManager method toRedirectState.
@Override
public MultivaluedMap<String, String> toRedirectState(MessageContext mc, MultivaluedMap<String, String> requestState) {
JweEncryptionProvider theEncryptionProvider = getInitializedEncryptionProvider();
JwsSignatureProvider theSigProvider = getInitializedSigProvider(theEncryptionProvider);
if (theEncryptionProvider == null && theSigProvider == null) {
throw new OAuthServiceException("The state can not be protected");
}
MultivaluedMap<String, String> redirectMap = new MetadataMap<String, String>();
if (generateNonce && theSigProvider != null) {
JwsCompactProducer nonceProducer = new JwsCompactProducer(OAuthUtils.generateRandomTokenKey());
String nonceParam = nonceProducer.signWith(theSigProvider);
requestState.putSingle(OAuthConstants.NONCE, nonceParam);
redirectMap.putSingle(OAuthConstants.NONCE, nonceParam);
}
Map<String, Object> stateMap = CastUtils.cast((Map<?, ?>) requestState);
String json = jsonp.toJson(stateMap);
String stateParam = null;
if (theSigProvider != null) {
JwsCompactProducer stateProducer = new JwsCompactProducer(json);
stateParam = stateProducer.signWith(theSigProvider);
}
if (theEncryptionProvider != null) {
stateParam = theEncryptionProvider.encrypt(StringUtils.toBytesUTF8(stateParam), null);
}
if (storeInSession) {
String sessionStateAttribute = OAuthUtils.generateRandomTokenKey();
OAuthUtils.setSessionToken(mc, stateParam, sessionStateAttribute, 0);
stateParam = sessionStateAttribute;
}
redirectMap.putSingle(OAuthConstants.STATE, stateParam);
return redirectMap;
}
Also used :
MetadataMap(org.apache.cxf.jaxrs.impl.MetadataMap)
JweEncryptionProvider(org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider)
OAuthServiceException(org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException)
JwsCompactProducer(org.apache.cxf.rs.security.jose.jws.JwsCompactProducer)
JwsSignatureProvider(org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider)
NoneJwsSignatureProvider(org.apache.cxf.rs.security.jose.jws.NoneJwsSignatureProvider)
Example 2 with JwsSignatureProvider
use of org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider in project cxf by apache.
the class JwsJsonWriterInterceptor method aroundWriteTo.
@Override
public void aroundWriteTo(WriterInterceptorContext ctx) throws IOException, WebApplicationException {
if (ctx.getEntity() == null) {
ctx.proceed();
return;
}
List<String> propLocs = getPropertyLocations();
List<JwsHeaders> protectedHeaders = new ArrayList<JwsHeaders>(propLocs.size());
for (int i = 0; i < propLocs.size(); i++) {
protectedHeaders.add(new JwsHeaders());
}
List<JwsSignatureProvider> sigProviders = getInitializedSigProviders(propLocs, protectedHeaders);
OutputStream actualOs = ctx.getOutputStream();
if (useJwsOutputStream) {
List<String> encodedProtectedHeaders = new ArrayList<>(sigProviders.size());
List<JwsSignature> signatures = new ArrayList<>(sigProviders.size());
int size = sigProviders.size();
for (int i = 0; i < size; i++) {
JwsSignatureProvider signer = sigProviders.get(i);
JwsHeaders protectedHeader = protectedHeaders.get(i);
prepareProtectedHeader(protectedHeader, ctx, signer, size == 1);
String encoded = Base64UrlUtility.encode(writer.toJson(protectedHeader));
encodedProtectedHeaders.add(encoded);
JwsSignature signature = signer.createJwsSignature(protectedHeader);
byte[] start = StringUtils.toBytesUTF8(encoded + ".");
signature.update(start, 0, start.length);
signatures.add(signature);
}
ctx.setMediaType(JAXRSUtils.toMediaType(JoseConstants.MEDIA_TYPE_JOSE_JSON));
actualOs.write(StringUtils.toBytesUTF8("{\"payload\":\""));
JwsJsonOutputStream jwsStream = new JwsJsonOutputStream(actualOs, encodedProtectedHeaders, signatures);
Base64UrlOutputStream base64Stream = null;
if (encodePayload) {
base64Stream = new Base64UrlOutputStream(jwsStream);
ctx.setOutputStream(base64Stream);
} else {
ctx.setOutputStream(jwsStream);
}
ctx.proceed();
if (encodePayload) {
base64Stream.flush();
}
jwsStream.flush();
} else {
CachedOutputStream cos = new CachedOutputStream();
ctx.setOutputStream(cos);
ctx.proceed();
JwsJsonProducer p = new JwsJsonProducer(new String(cos.getBytes(), StandardCharsets.UTF_8));
int size = sigProviders.size();
for (int i = 0; i < size; i++) {
JwsSignatureProvider signer = sigProviders.get(i);
JwsHeaders protectedHeader = protectedHeaders.get(i);
prepareProtectedHeader(protectedHeader, ctx, signer, size == 1);
p.signWith(signer, protectedHeader, null);
}
ctx.setMediaType(JAXRSUtils.toMediaType(JoseConstants.MEDIA_TYPE_JOSE_JSON));
writeJws(p, actualOs);
}
}
Also used :
JwsSignature(org.apache.cxf.rs.security.jose.jws.JwsSignature)
OutputStream(java.io.OutputStream)
Base64UrlOutputStream(org.apache.cxf.common.util.Base64UrlOutputStream)
JwsJsonOutputStream(org.apache.cxf.rs.security.jose.jws.JwsJsonOutputStream)
CachedOutputStream(org.apache.cxf.io.CachedOutputStream)
ArrayList(java.util.ArrayList)
CachedOutputStream(org.apache.cxf.io.CachedOutputStream)
JwsHeaders(org.apache.cxf.rs.security.jose.jws.JwsHeaders)
JwsJsonOutputStream(org.apache.cxf.rs.security.jose.jws.JwsJsonOutputStream)
Base64UrlOutputStream(org.apache.cxf.common.util.Base64UrlOutputStream)
JwsJsonProducer(org.apache.cxf.rs.security.jose.jws.JwsJsonProducer)
JwsSignatureProvider(org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider)
Example 3 with JwsSignatureProvider
use of org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider in project cxf by apache.
the class JwsWriterInterceptor method aroundWriteTo.
@Override
public void aroundWriteTo(WriterInterceptorContext ctx) throws IOException, WebApplicationException {
if (ctx.getEntity() == null) {
ctx.proceed();
return;
}
JwsHeaders headers = new JwsHeaders();
JwsSignatureProvider sigProvider = getInitializedSigProvider(headers);
setContentTypeIfNeeded(headers, ctx);
if (!encodePayload) {
headers.setPayloadEncodingStatus(false);
}
protectHttpHeadersIfNeeded(ctx, headers);
OutputStream actualOs = ctx.getOutputStream();
if (useJwsOutputStream) {
JwsSignature jwsSignature = sigProvider.createJwsSignature(headers);
JoseUtils.traceHeaders(headers);
JwsOutputStream jwsStream = new JwsOutputStream(actualOs, jwsSignature, true);
byte[] headerBytes = StringUtils.toBytesUTF8(writer.toJson(headers));
Base64UrlUtility.encodeAndStream(headerBytes, 0, headerBytes.length, jwsStream);
jwsStream.write(new byte[] { '.' });
Base64UrlOutputStream base64Stream = null;
if (encodePayload) {
base64Stream = new Base64UrlOutputStream(jwsStream);
ctx.setOutputStream(base64Stream);
} else {
ctx.setOutputStream(jwsStream);
}
ctx.proceed();
setJoseMediaType(ctx);
if (base64Stream != null) {
base64Stream.flush();
}
jwsStream.flush();
} else {
CachedOutputStream cos = new CachedOutputStream();
ctx.setOutputStream(cos);
ctx.proceed();
JwsCompactProducer p = new JwsCompactProducer(headers, new String(cos.getBytes(), StandardCharsets.UTF_8));
setJoseMediaType(ctx);
writeJws(p, sigProvider, actualOs);
}
}
Also used :
JwsOutputStream(org.apache.cxf.rs.security.jose.jws.JwsOutputStream)
JwsHeaders(org.apache.cxf.rs.security.jose.jws.JwsHeaders)
JwsSignature(org.apache.cxf.rs.security.jose.jws.JwsSignature)
Base64UrlOutputStream(org.apache.cxf.common.util.Base64UrlOutputStream)
JwsOutputStream(org.apache.cxf.rs.security.jose.jws.JwsOutputStream)
OutputStream(java.io.OutputStream)
CachedOutputStream(org.apache.cxf.io.CachedOutputStream)
JwsCompactProducer(org.apache.cxf.rs.security.jose.jws.JwsCompactProducer)
Base64UrlOutputStream(org.apache.cxf.common.util.Base64UrlOutputStream)
JwsSignatureProvider(org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider)
CachedOutputStream(org.apache.cxf.io.CachedOutputStream)
Example 4 with JwsSignatureProvider
use of org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider in project cxf by apache.
the class AbstractJwsMultipartSignatureFilter method getAttachmentParts.
protected List<Object> getAttachmentParts(Object rootEntity) {
List<Object> parts = null;
if (rootEntity instanceof MultipartBody) {
parts = CastUtils.cast(((MultipartBody) rootEntity).getAllAttachments());
} else {
parts = new ArrayList<Object>();
if (rootEntity instanceof List) {
List<Object> entityList = CastUtils.cast((List<?>) rootEntity);
parts.addAll(entityList);
} else {
parts.add(rootEntity);
}
}
JwsHeaders headers = new JwsHeaders();
headers.setPayloadEncodingStatus(false);
JwsSignatureProvider theSigProvider = sigProvider != null ? sigProvider : JwsUtils.loadSignatureProvider(headers, true);
JwsSignature jwsSignature = theSigProvider.createJwsSignature(headers);
String base64UrlEncodedHeaders = Base64UrlUtility.encode(writer.toJson(headers));
byte[] headerBytesWithDot = StringUtils.toBytesASCII(base64UrlEncodedHeaders + ".");
jwsSignature.update(headerBytesWithDot, 0, headerBytesWithDot.length);
AttachmentUtils.addMultipartOutFilter(new JwsMultipartSignatureOutFilter(jwsSignature));
JwsDetachedSignature jws = new JwsDetachedSignature(headers, base64UrlEncodedHeaders, jwsSignature, useJwsJsonSignatureFormat);
Attachment jwsPart = new Attachment("signature", JoseConstants.MEDIA_TYPE_JOSE, jws);
parts.add(jwsPart);
return parts;
}
Also used :
JwsSignature(org.apache.cxf.rs.security.jose.jws.JwsSignature)
Attachment(org.apache.cxf.jaxrs.ext.multipart.Attachment)
JwsHeaders(org.apache.cxf.rs.security.jose.jws.JwsHeaders)
MultipartBody(org.apache.cxf.jaxrs.ext.multipart.MultipartBody)
JwsDetachedSignature(org.apache.cxf.rs.security.jose.jws.JwsDetachedSignature)
ArrayList(java.util.ArrayList)
List(java.util.List)
JwsSignatureProvider(org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider)
Example 5 with JwsSignatureProvider
use of org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider in project cxf by apache.
the class JoseProducer method processData.
public String processData(String data) {
super.checkProcessRequirements();
JweEncryptionProvider theEncProvider = null;
JweHeaders jweHeaders = new JweHeaders();
if (isJweRequired()) {
theEncProvider = getInitializedEncryptionProvider(jweHeaders);
if (theEncProvider == null) {
throw new JoseException("Unable to encrypt the data");
}
}
if (isJwsRequired()) {
JwsHeaders jwsHeaders = new JwsHeaders();
JwsCompactProducer jws = new JwsCompactProducer(jwsHeaders, data);
JwsSignatureProvider theSigProvider = getInitializedSignatureProvider(jwsHeaders);
if (theSigProvider == null) {
throw new JoseException("Unable to sign the data");
}
data = jws.signWith(theSigProvider);
}
if (theEncProvider != null) {
data = theEncProvider.encrypt(StringUtils.toBytesUTF8(data), jweHeaders);
}
return data;
}
Also used :
JwsHeaders(org.apache.cxf.rs.security.jose.jws.JwsHeaders)
JweEncryptionProvider(org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider)
JwsCompactProducer(org.apache.cxf.rs.security.jose.jws.JwsCompactProducer)
JweHeaders(org.apache.cxf.rs.security.jose.jwe.JweHeaders)
JwsSignatureProvider(org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider)
Aggregations
JwsSignatureProvider (org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider)11
JwsHeaders (org.apache.cxf.rs.security.jose.jws.JwsHeaders)7
Properties (java.util.Properties)5
JweEncryptionProvider (org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider)4
ArrayList (java.util.ArrayList)3
JwsCompactProducer (org.apache.cxf.rs.security.jose.jws.JwsCompactProducer)3
JwsJwtCompactProducer (org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer)3
JwsSignature (org.apache.cxf.rs.security.jose.jws.JwsSignature)3
OutputStream (java.io.OutputStream)2
Instant (java.time.Instant)2
List (java.util.List)2
Base64UrlOutputStream (org.apache.cxf.common.util.Base64UrlOutputStream)2
CachedOutputStream (org.apache.cxf.io.CachedOutputStream)2
Message (org.apache.cxf.message.Message)2
JweHeaders (org.apache.cxf.rs.security.jose.jwe.JweHeaders)2
IOException (java.io.IOException)1
StringReader (java.io.StringReader)1
URL (java.net.URL)1
StandardCharsets (java.nio.charset.StandardCharsets)1
KeyStore (java.security.KeyStore)1
