
Example 6 with PrivateKeyPasswordProvider

use of org.apache.cxf.rt.security.rs.PrivateKeyPasswordProvider in project cxf by apache.

Class KeyManagementUtils, method loadPrivateKey — the public two-argument overload used by the HTTP Signature module (it reads HTTPSignatureConstants property keys); compare Example 8 for the private JOSE overload of the same name.

/**
 * Loads the private key used for HTTP Signature operations from the
 * persisted keystore selected by the message and properties.
 *
 * <p>Password resolution order: a literal value under
 * {@link HTTPSignatureConstants#RSSEC_KEY_PSWD} is used if present; only when
 * it is absent is a {@link PrivateKeyPasswordProvider} looked up through
 * {@code loadPasswordProvider} and asked for the password. A plaintext
 * password left in a properties file therefore silently bypasses any
 * provider-based secret management — keep that property out of deployed
 * configuration when a provider is in use. A password sourced from a
 * {@link String} also cannot be wiped from memory after use.
 *
 * @param m     current message; passed through to the keystore and
 *              password-provider lookups
 * @param props security properties supplying alias and password settings
 * @return whatever {@code CryptoUtils.loadPrivateKey} returns for the
 *         configured alias; the case where no password can be resolved
 *         (both sources null) is left to that call to handle
 */
public static PrivateKey loadPrivateKey(Message m, Properties props) {
    KeyStore store = loadPersistKeyStore(m, props);
    String alias = props.getProperty(HTTPSignatureConstants.RSSEC_KEY_STORE_ALIAS);
    String literalPassword = props.getProperty(HTTPSignatureConstants.RSSEC_KEY_PSWD);
    char[] password = null;
    if (literalPassword != null) {
        // Literal property takes precedence over any configured provider.
        password = literalPassword.toCharArray();
    } else {
        PrivateKeyPasswordProvider provider = loadPasswordProvider(m, props);
        if (provider != null) {
            password = provider.getPassword(props);
        }
    }
    return CryptoUtils.loadPrivateKey(store, password, alias);
}

Example 7 with PrivateKeyPasswordProvider

use of org.apache.cxf.rt.security.rs.PrivateKeyPasswordProvider in project cxf by apache.

the class JweUtils method loadKeyEncryptionProvider.

/**
 * Builds the {@link KeyEncryptionProvider} for an outbound JWE and populates
 * the matching {@code headers} entries (certificate chain, certificate
 * thumbprint, public JWK, key id, key-encryption algorithm) as directed by the
 * configured properties.
 *
 * <p>Three paths are taken, depending on the resolved key algorithm:
 * <ul>
 *   <li>{@code KeyAlgorithm.DIRECT}: a {@code DirectKeyEncryptionAlgorithm},
 *       i.e. no key wrapping.</li>
 *   <li>PBES2 (any algorithm in {@code AlgorithmUtils.PBES_HS_SET}): the
 *       wrapping password is obtained only from a
 *       {@link PrivateKeyPasswordProvider}; a missing provider or a null
 *       password fails with {@code KEY_ENCRYPTION_FAILURE}.</li>
 *   <li>Otherwise an asymmetric provider is built from either a JWK store or
 *       a keystore public key, and the certificate / key-id headers are set
 *       according to the {@code RSSEC_ENCRYPTION_INCLUDE_*} flags.</li>
 * </ul>
 *
 * @param props   security properties (key store type, alias, include-* flags)
 * @param m       current message, used for contextual property lookup
 * @param headers JWE headers to populate; mutated in place
 * @return the provider to use; never {@code null}
 * @throws JweException {@code KEY_ENCRYPTION_FAILURE} when a PBES2 password
 *         cannot be resolved; {@code INVALID_KEY_ALGORITHM} when no provider
 *         could be built for the resolved algorithm
 */
public static KeyEncryptionProvider loadKeyEncryptionProvider(Properties props, Message m, JweHeaders headers) {
    KeyEncryptionProvider keyEncryptionProvider = null;
    KeyAlgorithm keyAlgo = getKeyEncryptionAlgorithm(m, props, null, null);
    if (KeyAlgorithm.DIRECT == keyAlgo) {
        keyEncryptionProvider = new DirectKeyEncryptionAlgorithm();
    } else if (keyAlgo != null && AlgorithmUtils.PBES_HS_SET.contains(keyAlgo.getJwaName())) {
        // PBES2: unlike the private-key loaders, no literal RSSEC_KEY_PSWD
        // property is consulted here — the password must come from a provider.
        PrivateKeyPasswordProvider provider = KeyManagementUtils.loadPasswordProvider(m, props, KeyOperation.ENCRYPT);
        char[] password = provider != null ? provider.getPassword(props) : null;
        if (password == null) {
            throw new JweException(JweException.Error.KEY_ENCRYPTION_FAILURE);
        }
        // Iteration count defaults to 4096; no lower bound is enforced here, so a
        // misconfigured small value is accepted as-is (RFC 7518 recommends at least 1000).
        int pbes2Count = MessageUtils.getContextualInteger(m, JoseConstants.RSSEC_ENCRYPTION_PBES2_COUNT, 4096);
        // NOTE(review): the char[] password is copied into an immutable String here,
        // so it cannot be zeroed after use. This branch also returns before the
        // setKeyEncryptionAlgorithm call at the bottom of the method — presumably
        // the PBES2 provider applies the algorithm header itself; confirm.
        return new PbesHmacAesWrapKeyEncryptionAlgorithm(new String(password), pbes2Count, keyAlgo, false);
    } else {
        boolean includeCert = JoseUtils.checkBooleanProperty(headers, props, m, JoseConstants.RSSEC_ENCRYPTION_INCLUDE_CERT);
        boolean includeCertSha1 = JoseUtils.checkBooleanProperty(headers, props, m, JoseConstants.RSSEC_ENCRYPTION_INCLUDE_CERT_SHA1);
        boolean includeCertSha256 = JoseUtils.checkBooleanProperty(headers, props, m, JoseConstants.RSSEC_ENCRYPTION_INCLUDE_CERT_SHA256);
        boolean includeKeyId = JoseUtils.checkBooleanProperty(headers, props, m, JoseConstants.RSSEC_ENCRYPTION_INCLUDE_KEY_ID);
        if (JoseConstants.HEADER_JSON_WEB_KEY.equals(props.get(JoseConstants.RSSEC_KEY_STORE_TYPE))) {
            // Key material comes from a JWK store.
            JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, KeyOperation.ENCRYPT);
            if (jwk != null) {
                // Re-resolve the algorithm now that the key is known: the JWK's own
                // "alg" (or a default derived from the key) can refine the first guess.
                keyAlgo = getKeyEncryptionAlgorithm(m, props, KeyAlgorithm.getAlgorithm(jwk.getAlgorithm()), getDefaultKeyAlgorithm(jwk));
                keyEncryptionProvider = getKeyEncryptionProvider(jwk, keyAlgo);
                boolean includePublicKey = JoseUtils.checkBooleanProperty(headers, props, m, JoseConstants.RSSEC_ENCRYPTION_INCLUDE_PUBLIC_KEY);
                if (includeCert) {
                    JwkUtils.includeCertChain(jwk, headers, keyAlgo.getJwaName());
                }
                // When both thumbprint flags are set, the SHA-1 thumbprint wins and
                // the SHA-256 one is not emitted.
                if (includeCertSha1) {
                    KeyManagementUtils.setSha1DigestHeader(headers, m, props);
                } else if (includeCertSha256) {
                    KeyManagementUtils.setSha256DigestHeader(headers, m, props);
                }
                if (includePublicKey) {
                    JwkUtils.includePublicKey(jwk, headers, keyAlgo.getJwaName());
                }
                if (includeKeyId && jwk.getKeyId() != null) {
                    headers.setKeyId(jwk.getKeyId());
                }
            }
        } else {
            // Key material comes from a Java keystore: wrap with the configured public key.
            keyEncryptionProvider = getPublicKeyEncryptionProvider(KeyManagementUtils.loadPublicKey(m, props), props, keyAlgo);
            if (includeCert) {
                headers.setX509Chain(KeyManagementUtils.loadAndEncodeX509CertificateOrChain(m, props));
            }
            // Same precedence as above: SHA-1 thumbprint is preferred over SHA-256.
            if (includeCertSha1) {
                KeyManagementUtils.setSha1DigestHeader(headers, m, props);
            } else if (includeCertSha256) {
                KeyManagementUtils.setSha256DigestHeader(headers, m, props);
            }
            // The keystore alias is used verbatim as the key id, so the alias
            // name is disclosed to the recipient in the header.
            if (includeKeyId && props.containsKey(JoseConstants.RSSEC_KEY_STORE_ALIAS)) {
                headers.setKeyId(props.getProperty(JoseConstants.RSSEC_KEY_STORE_ALIAS));
            }
        }
    }
    if (keyEncryptionProvider == null) {
        throw new JweException(JweException.Error.INVALID_KEY_ALGORITHM);
    }
    // Record the algorithm of the provider actually built (which may differ from
    // the initial guess in the JWK path). Not reached by the PBES2 branch above.
    headers.setKeyEncryptionAlgorithm(keyEncryptionProvider.getAlgorithm());
    return keyEncryptionProvider;
}

Example 8 with PrivateKeyPasswordProvider

use of org.apache.cxf.rt.security.rs.PrivateKeyPasswordProvider in project cxf by apache.

Class KeyManagementUtils, method loadPrivateKey — the private five-argument overload used by the JOSE module (it reads JoseConstants property keys); compare Example 6 for the public HTTP Signature overload.

/**
 * Loads a private key from an already-opened keystore for the given JOSE
 * operation.
 *
 * <p>Alias resolution: an explicit {@code alias} wins; otherwise the alias is
 * resolved per operation via {@code getKeyId}. Whichever alias is used is
 * written back into {@code props} under
 * {@link JoseConstants#RSSEC_KEY_STORE_ALIAS} (a side effect on the caller's
 * object) — presumably so that the password provider, which receives
 * {@code props}, can see it.
 *
 * <p>Password resolution: a literal {@link JoseConstants#RSSEC_KEY_PSWD}
 * property is used if present and takes precedence over any
 * {@link PrivateKeyPasswordProvider}; the provider is consulted only when the
 * property is absent. A plaintext password in a properties file therefore
 * bypasses provider-based secret management, and a String-sourced password
 * cannot be wiped from memory afterwards.
 *
 * @param keyStore the keystore to read from
 * @param m        current message, passed to the alias and provider lookups
 * @param props    security properties; mutated to hold the resolved alias
 * @param keyOper  key operation used to select operation-specific settings
 * @param alias    explicit alias, or {@code null} to resolve one
 * @return whatever {@code CryptoUtils.loadPrivateKey} returns; handling of
 *         a {@code null} password or alias is delegated to that call
 */
private static PrivateKey loadPrivateKey(KeyStore keyStore, Message m, Properties props, KeyOperation keyOper, String alias) {
    String literalPassword = props.getProperty(JoseConstants.RSSEC_KEY_PSWD);
    String resolvedAlias = alias;
    if (resolvedAlias == null) {
        resolvedAlias = getKeyId(m, props, JoseConstants.RSSEC_KEY_STORE_ALIAS, keyOper);
    }
    if (resolvedAlias != null) {
        // Side effect: publish the alias actually used back into the caller's properties.
        props.put(JoseConstants.RSSEC_KEY_STORE_ALIAS, resolvedAlias);
    }
    char[] password;
    if (literalPassword == null) {
        PrivateKeyPasswordProvider provider = loadPasswordProvider(m, props, keyOper);
        password = provider == null ? null : provider.getPassword(props);
    } else {
        // Literal property takes precedence over any configured provider.
        password = literalPassword.toCharArray();
    }
    return CryptoUtils.loadPrivateKey(keyStore, password, resolvedAlias);
}

Example 9 with PrivateKeyPasswordProvider

use of org.apache.cxf.rt.security.rs.PrivateKeyPasswordProvider in project cxf by apache.

the class JAXRSJweJwsTest method testJweRsaJwsRsaEncryptThenSign.

/**
 * Round-trips a string through the {@code /jwejwsrsaencrsign} endpoint using
 * the encrypt-then-sign writer variants ({@code EncrSignJweWriterInterceptor},
 * {@code EncrSignJwsWriterInterceptor}).
 *
 * <p>Client wiring: the bus is built from {@code client.xml} (which, given the
 * {@code https} address, presumably carries the TLS client configuration —
 * confirm there), outbound encryption uses {@code SERVER_JWEJWS_PROPERTIES}
 * and outbound signing uses {@code CLIENT_JWEJWS_PROPERTIES}, with the
 * signing key password supplied by the test
 * {@code PrivateKeyPasswordProviderImpl} rather than a literal property.
 */
@Test
public void testJweRsaJwsRsaEncryptThenSign() throws Exception {
    String endpoint = "https://localhost:" + PORT + "/jwejwsrsaencrsign";
    JAXRSClientFactoryBean clientBean = new JAXRSClientFactoryBean();

    SpringBusFactory busFactory = new SpringBusFactory();
    URL busConfig = JAXRSJweJwsTest.class.getResource("client.xml");
    Bus bus = busFactory.createBus(busConfig.toString());
    clientBean.setBus(bus);
    clientBean.setServiceClass(BookStore.class);
    clientBean.setAddress(endpoint);

    JweWriterInterceptor encryptor = new EncrSignJweWriterInterceptor();
    encryptor.setUseJweOutputStream(true);
    JwsWriterInterceptor signer = new EncrSignJwsWriterInterceptor();
    signer.setUseJwsOutputStream(true);
    List<Object> providers = new LinkedList<>();
    providers.add(encryptor);
    providers.add(signer);
    clientBean.setProviders(providers);

    // Encrypt to the server's key material, sign with the client's.
    clientBean.getProperties(true).put("rs.security.encryption.out.properties", SERVER_JWEJWS_PROPERTIES);
    clientBean.getProperties(true).put("rs.security.signature.out.properties", CLIENT_JWEJWS_PROPERTIES);
    clientBean.getProperties(true).put("rs.security.signature.key.password.provider", new PrivateKeyPasswordProviderImpl());

    BookStore bookStore = clientBean.create(BookStore.class);
    String echoed = bookStore.echoText("book");
    assertEquals("book", echoed);
}

Example 10 with PrivateKeyPasswordProvider

use of org.apache.cxf.rt.security.rs.PrivateKeyPasswordProvider in project cxf by apache.

the class JAXRSJweJwsTest method createJweJwsBookStore.

/**
 * Creates a {@code BookStore} client proxy wired for JWE+JWS on both
 * directions of the exchange.
 *
 * <p>Outbound: {@code JweWriterInterceptor} encrypts using
 * {@code SERVER_JWEJWS_PROPERTIES} and {@code JwsWriterInterceptor} signs
 * using {@code CLIENT_JWEJWS_PROPERTIES}. Inbound:
 * {@code JweClientResponseFilter} decrypts using
 * {@code CLIENT_JWEJWS_PROPERTIES} and {@code JwsClientResponseFilter}
 * verifies using {@code SERVER_JWEJWS_PROPERTIES}. One
 * {@code PrivateKeyPasswordProviderImpl} instance serves as the password
 * source for both the signing key and the decryption key — fine for a test
 * fixture, but a real deployment would normally not share one secret source
 * across two distinct keys.
 *
 * @param address        service address the proxy will call
 * @param jwsSigProvider optional signature provider; when non-null it
 *                       replaces the writer's property-driven provider
 * @param mbProviders    optional extra providers (e.g. message body
 *                       readers/writers) appended after the JOSE ones
 * @return the configured proxy
 * @throws Exception propagated from bus or proxy creation
 */
private BookStore createJweJwsBookStore(String address, JwsSignatureProvider jwsSigProvider, List<?> mbProviders) throws Exception {
    JAXRSClientFactoryBean clientBean = new JAXRSClientFactoryBean();
    SpringBusFactory busFactory = new SpringBusFactory();
    URL busConfig = JAXRSJweJwsTest.class.getResource("client.xml");
    Bus bus = busFactory.createBus(busConfig.toString());
    clientBean.setBus(bus);
    clientBean.setServiceClass(BookStore.class);
    clientBean.setAddress(address);

    List<Object> providers = new LinkedList<>();
    JweWriterInterceptor encryptor = new JweWriterInterceptor();
    encryptor.setUseJweOutputStream(true);
    providers.add(encryptor);
    providers.add(new JweClientResponseFilter());

    JwsWriterInterceptor signer = new JwsWriterInterceptor();
    if (jwsSigProvider != null) {
        // Caller-supplied provider overrides the property-configured one.
        signer.setSignatureProvider(jwsSigProvider);
    }
    signer.setUseJwsOutputStream(true);
    providers.add(signer);
    providers.add(new JwsClientResponseFilter());
    if (mbProviders != null) {
        providers.addAll(mbProviders);
    }
    clientBean.setProviders(providers);

    // Outbound: encrypt to the server, sign as the client.
    clientBean.getProperties(true).put("rs.security.encryption.out.properties", SERVER_JWEJWS_PROPERTIES);
    clientBean.getProperties(true).put("rs.security.signature.out.properties", CLIENT_JWEJWS_PROPERTIES);
    // Inbound: decrypt as the client, verify the server's signature.
    clientBean.getProperties(true).put("rs.security.encryption.in.properties", CLIENT_JWEJWS_PROPERTIES);
    clientBean.getProperties(true).put("rs.security.signature.in.properties", SERVER_JWEJWS_PROPERTIES);

    // Same password provider instance for both private keys (signing and decryption).
    PrivateKeyPasswordProvider passwordProvider = new PrivateKeyPasswordProviderImpl();
    clientBean.getProperties(true).put("rs.security.signature.key.password.provider", passwordProvider);
    clientBean.getProperties(true).put("rs.security.decryption.key.password.provider", passwordProvider);

    return clientBean.create(BookStore.class);
}
