use of org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider in project cxf by apache.
the class JoseClientCodeStateManager method toRedirectState.
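/**
 * Turns the OAuth2 client request state into the parameters that accompany the redirect.
 *
 * <p>The state map is rendered as JSON, signed as a compact JWS, and then JWE-encrypted when
 * an encryption provider is available. When {@code generateNonce} is set and a signature
 * provider exists, a signed random nonce is put into both {@code requestState} (so it is
 * part of the protected JSON) and the returned map. When {@code storeInSession} is set, the
 * protected state is handed to {@code OAuthUtils.setSessionToken} and only a freshly generated
 * random key is returned as the {@code state} value.
 *
 * @param mc message context, used here only for the session storage call
 * @param requestState state to protect; modified in place when a nonce is generated
 * @return the redirect parameters: the state and, when generated, the nonce
 * @throws OAuthServiceException if neither provider is available, or if encryption is
 *         requested but no signed state was produced to encrypt
 */
@Override
public MultivaluedMap<String, String> toRedirectState(MessageContext mc, MultivaluedMap<String, String> requestState) {
    JweEncryptionProvider theEncryptionProvider = getInitializedEncryptionProvider();
    JwsSignatureProvider theSigProvider = getInitializedSigProvider(theEncryptionProvider);
    // Never send the client state unprotected: it round-trips through the user agent.
    if (theEncryptionProvider == null && theSigProvider == null) {
        throw new OAuthServiceException("The state can not be protected");
    }

    MultivaluedMap<String, String> redirectMap = new MetadataMap<>();
    if (generateNonce && theSigProvider != null) {
        JwsCompactProducer nonceProducer = new JwsCompactProducer(OAuthUtils.generateRandomTokenKey());
        String nonceParam = nonceProducer.signWith(theSigProvider);
        // The nonce goes into the state before serialization, so it is covered by the
        // signature below, and is also returned as a separate redirect parameter.
        requestState.putSingle(OAuthConstants.NONCE, nonceParam);
        redirectMap.putSingle(OAuthConstants.NONCE, nonceParam);
    }

    Map<String, Object> stateMap = CastUtils.cast((Map<?, ?>) requestState);
    String json = jsonp.toJson(stateMap);

    String stateParam = null;
    if (theSigProvider != null) {
        stateParam = new JwsCompactProducer(json).signWith(theSigProvider);
    }
    if (theEncryptionProvider != null) {
        // The guard at the top lets an encryption-only setup through, but on that path
        // nothing has been assigned to stateParam yet. Fail with a clear error instead of
        // handing a null string to the UTF-8 conversion.
        // NOTE(review): if encryption-only state is meant to be supported, encrypt `json`
        // here instead and confirm the code that reads the state back accepts an unsigned
        // payload.
        if (stateParam == null) {
            throw new OAuthServiceException("The state can not be encrypted without being signed first");
        }
        stateParam = theEncryptionProvider.encrypt(StringUtils.toBytesUTF8(stateParam), null);
    }

    if (storeInSession) {
        // Only an opaque random key travels in the redirect; the protected state itself is
        // passed to the session helper under that key.
        String sessionStateAttribute = OAuthUtils.generateRandomTokenKey();
        OAuthUtils.setSessionToken(mc, stateParam, sessionStateAttribute, 0);
        stateParam = sessionStateAttribute;
    }
    redirectMap.putSingle(OAuthConstants.STATE, stateParam);
    return redirectMap;
}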
use of org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider in project cxf by apache.
the class JwsJsonWriterInterceptor method aroundWriteTo.
/**
 * Signs the outgoing entity with every configured signature provider and emits it using the
 * JOSE JSON media type.
 *
 * <p>In streaming mode ({@code useJwsOutputStream}) the opening of the JSON document is
 * written to the real stream and the entity bytes are routed through a
 * {@code JwsJsonOutputStream}, optionally behind a Base64Url encoder. Otherwise the entity is
 * first captured in a {@code CachedOutputStream}, decoded as UTF-8, signed through a
 * {@code JwsJsonProducer} and written out with {@code writeJws}.
 *
 * @param ctx writer interceptor context of the message being written
 * @throws IOException if writing to the underlying stream fails
 * @throws WebApplicationException as declared by the interceptor contract
 */
@Override
public void aroundWriteTo(WriterInterceptorContext ctx) throws IOException, WebApplicationException {
    // Nothing to sign when there is no entity; let the chain continue untouched.
    if (ctx.getEntity() == null) {
        ctx.proceed();
        return;
    }

    List<String> locations = getPropertyLocations();
    // One empty header object per property location, passed to the provider lookup below.
    List<JwsHeaders> headerPerSigner = new ArrayList<>(locations.size());
    for (int remaining = locations.size(); remaining > 0; remaining--) {
        headerPerSigner.add(new JwsHeaders());
    }
    List<JwsSignatureProvider> signers = getInitializedSigProviders(locations, headerPerSigner);
    OutputStream target = ctx.getOutputStream();

    if (!useJwsOutputStream) {
        // Buffered mode: the whole entity is captured before any signature is computed.
        CachedOutputStream buffer = new CachedOutputStream();
        ctx.setOutputStream(buffer);
        ctx.proceed();
        String payload = new String(buffer.getBytes(), StandardCharsets.UTF_8);
        JwsJsonProducer producer = new JwsJsonProducer(payload);
        int signerCount = signers.size();
        for (int idx = 0; idx < signerCount; idx++) {
            JwsSignatureProvider currentSigner = signers.get(idx);
            JwsHeaders currentHeader = headerPerSigner.get(idx);
            prepareProtectedHeader(currentHeader, ctx, currentSigner, signerCount == 1);
            producer.signWith(currentSigner, currentHeader, null);
        }
        ctx.setMediaType(JAXRSUtils.toMediaType(JoseConstants.MEDIA_TYPE_JOSE_JSON));
        writeJws(producer, target);
        return;
    }

    // Streaming mode: each signature is seeded with "BASE64URL(protected header)." here;
    // the signatures are then given to the JWS stream that the entity is written through.
    List<String> encodedHeaders = new ArrayList<>(signers.size());
    List<JwsSignature> pendingSignatures = new ArrayList<>(signers.size());
    int signerCount = signers.size();
    for (int idx = 0; idx < signerCount; idx++) {
        JwsSignatureProvider currentSigner = signers.get(idx);
        JwsHeaders currentHeader = headerPerSigner.get(idx);
        prepareProtectedHeader(currentHeader, ctx, currentSigner, signerCount == 1);
        String encodedHeader = Base64UrlUtility.encode(writer.toJson(currentHeader));
        encodedHeaders.add(encodedHeader);
        JwsSignature pending = currentSigner.createJwsSignature(currentHeader);
        byte[] signingInputPrefix = StringUtils.toBytesUTF8(encodedHeader + ".");
        pending.update(signingInputPrefix, 0, signingInputPrefix.length);
        pendingSignatures.add(pending);
    }
    ctx.setMediaType(JAXRSUtils.toMediaType(JoseConstants.MEDIA_TYPE_JOSE_JSON));
    target.write(StringUtils.toBytesUTF8("{\"payload\":\""));
    JwsJsonOutputStream signingStream = new JwsJsonOutputStream(target, encodedHeaders, pendingSignatures);
    Base64UrlOutputStream encodingStream = null;
    if (encodePayload) {
        encodingStream = new Base64UrlOutputStream(signingStream);
        ctx.setOutputStream(encodingStream);
    } else {
        ctx.setOutputStream(signingStream);
    }
    ctx.proceed();
    // Flush the encoder first so its remaining bytes reach the signing stream before that
    // stream is flushed.
    if (encodePayload) {
        encodingStream.flush();
    }
    signingStream.flush();
}
use of org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider in project cxf by apache.
the class JwsWriterInterceptor method aroundWriteTo.
/**
 * Signs the outgoing entity as a compact JWS.
 *
 * <p>In streaming mode ({@code useJwsOutputStream}) the Base64Url-encoded headers and the
 * separating dot are pushed through a {@code JwsOutputStream} built around the signature, and
 * the entity is then written through the same stream, optionally behind a Base64Url encoder.
 * Otherwise the entity is captured in a {@code CachedOutputStream}, decoded as UTF-8 and
 * signed in one step via {@code writeJws}.
 *
 * @param ctx writer interceptor context of the message being written
 * @throws IOException if writing to the underlying stream fails
 * @throws WebApplicationException as declared by the interceptor contract
 */
@Override
public void aroundWriteTo(WriterInterceptorContext ctx) throws IOException, WebApplicationException {
    // Nothing to sign when there is no entity; let the chain continue untouched.
    if (ctx.getEntity() == null) {
        ctx.proceed();
        return;
    }

    JwsHeaders headers = new JwsHeaders();
    JwsSignatureProvider signer = getInitializedSigProvider(headers);
    setContentTypeIfNeeded(headers, ctx);
    if (!encodePayload) {
        // Record in the headers that the payload is not Base64Url-encoded; presumably this
        // maps to the RFC 7797 "b64" header parameter (confirm against JwsHeaders).
        headers.setPayloadEncodingStatus(false);
    }
    protectHttpHeadersIfNeeded(ctx, headers);
    OutputStream target = ctx.getOutputStream();

    if (!useJwsOutputStream) {
        // Buffered mode: the whole entity is captured before the signature is computed.
        CachedOutputStream buffer = new CachedOutputStream();
        ctx.setOutputStream(buffer);
        ctx.proceed();
        String payload = new String(buffer.getBytes(), StandardCharsets.UTF_8);
        JwsCompactProducer producer = new JwsCompactProducer(headers, payload);
        setJoseMediaType(ctx);
        writeJws(producer, signer, target);
        return;
    }

    // Streaming mode: headers, the dot and then the entity all pass through the JWS stream.
    JwsSignature signature = signer.createJwsSignature(headers);
    JoseUtils.traceHeaders(headers);
    JwsOutputStream signingStream = new JwsOutputStream(target, signature, true);
    byte[] headerJson = StringUtils.toBytesUTF8(writer.toJson(headers));
    Base64UrlUtility.encodeAndStream(headerJson, 0, headerJson.length, signingStream);
    signingStream.write(new byte[] { '.' });

    Base64UrlOutputStream encodingStream = null;
    if (encodePayload) {
        encodingStream = new Base64UrlOutputStream(signingStream);
        ctx.setOutputStream(encodingStream);
    } else {
        ctx.setOutputStream(signingStream);
    }
    ctx.proceed();
    // NOTE(review): the media type is set only after the entity has been written through
    // the stream; confirm the response headers are still open at this point.
    setJoseMediaType(ctx);
    // Flush the encoder first so its remaining bytes reach the signing stream before that
    // stream is flushed.
    if (encodingStream != null) {
        encodingStream.flush();
    }
    signingStream.flush();
}
use of org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider in project cxf by apache.
the class AbstractJwsMultipartSignatureFilter method getAttachmentParts.
/**
 * Builds the list of multipart parts to send and appends a detached JWS signature part.
 *
 * <p>A signature is created over headers that mark the payload as not Base64Url-encoded and
 * is seeded with {@code BASE64URL(headers) + "."}. It is then registered through a
 * {@code JwsMultipartSignatureOutFilter} (presumably so the parts feed it as they are written;
 * confirm in that filter) and wrapped in a final part named {@code "signature"}.
 *
 * @param rootEntity a {@code MultipartBody}, a {@code List} of parts, or a single part
 * @return the parts followed by the signature part
 */
protected List<Object> getAttachmentParts(Object rootEntity) {
    final List<Object> outgoingParts;
    if (rootEntity instanceof MultipartBody) {
        // NOTE(review): the signature part below is appended to the list returned by
        // getAllAttachments(); whether that is the body's own backing list is not visible here.
        outgoingParts = CastUtils.cast(((MultipartBody) rootEntity).getAllAttachments());
    } else if (rootEntity instanceof List) {
        outgoingParts = new ArrayList<>();
        List<Object> suppliedParts = CastUtils.cast((List<?>) rootEntity);
        outgoingParts.addAll(suppliedParts);
    } else {
        outgoingParts = new ArrayList<>();
        outgoingParts.add(rootEntity);
    }

    JwsHeaders signatureHeaders = new JwsHeaders();
    signatureHeaders.setPayloadEncodingStatus(false);

    // Prefer the explicitly configured provider; otherwise load one for these headers.
    JwsSignatureProvider signer;
    if (sigProvider != null) {
        signer = sigProvider;
    } else {
        signer = JwsUtils.loadSignatureProvider(signatureHeaders, true);
    }
    JwsSignature detachedSignature = signer.createJwsSignature(signatureHeaders);

    // The signing input starts with the encoded headers and the separating dot.
    String encodedHeaders = Base64UrlUtility.encode(writer.toJson(signatureHeaders));
    byte[] signingInputPrefix = StringUtils.toBytesASCII(encodedHeaders + ".");
    detachedSignature.update(signingInputPrefix, 0, signingInputPrefix.length);
    AttachmentUtils.addMultipartOutFilter(new JwsMultipartSignatureOutFilter(detachedSignature));

    JwsDetachedSignature signatureEntity =
        new JwsDetachedSignature(signatureHeaders, encodedHeaders, detachedSignature, useJwsJsonSignatureFormat);
    outgoingParts.add(new Attachment("signature", JoseConstants.MEDIA_TYPE_JOSE, signatureEntity));
    return outgoingParts;
}
use of org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider in project cxf by apache.
the class JoseProducer method processData.
/**
 * Protects the given data according to the configured requirements: signs it as a compact JWS
 * when JWS is required, then JWE-encrypts the result when JWE is required.
 *
 * <p>The encryption provider is resolved before anything is signed, so a missing encryption
 * setup is reported before a signature is produced.
 *
 * @param data the content to protect
 * @return the signed and/or encrypted form, or {@code data} itself if neither is required
 * @throws JoseException if a required encryption or signature provider is unavailable
 */
public String processData(String data) {
    super.checkProcessRequirements();

    JweHeaders encryptionHeaders = new JweHeaders();
    JweEncryptionProvider encryptor = null;
    if (isJweRequired()) {
        encryptor = getInitializedEncryptionProvider(encryptionHeaders);
        if (encryptor == null) {
            throw new JoseException("Unable to encrypt the data");
        }
    }

    String protectedData = data;
    if (isJwsRequired()) {
        JwsHeaders signatureHeaders = new JwsHeaders();
        JwsCompactProducer producer = new JwsCompactProducer(signatureHeaders, protectedData);
        JwsSignatureProvider signer = getInitializedSignatureProvider(signatureHeaders);
        if (signer == null) {
            throw new JoseException("Unable to sign the data");
        }
        protectedData = producer.signWith(signer);
    }

    if (encryptor == null) {
        return protectedData;
    }
    // Sign-then-encrypt: the JWE wraps the compact JWS when one was produced above.
    return encryptor.encrypt(StringUtils.toBytesUTF8(protectedData), encryptionHeaders);
}