Java Code Examples for org.apache.cxf.rs.security.jose.jwk.JsonWebKey#getKeyType()

The following examples show how to use org.apache.cxf.rs.security.jose.jwk.JsonWebKey#getKeyType().
Example 1
Source File: JwsUtils.java    From cxf with Apache License 2.0
/**
 * Creates a JWS signature provider from the signing material carried in a JWK.
 *
 * <p>The algorithm declared on the key takes precedence; {@code defaultAlgorithm} is used
 * only when the key declares none. This method does not check that the resolved algorithm
 * fits the key type; both are handed to the provider factory as they are.
 *
 * @param jwk key holding an RSA or EC private key, or an octet (shared secret) value
 * @param defaultAlgorithm fallback used when {@code jwk.getAlgorithm()} is {@code null}
 * @return the signature provider, or {@code null} when the key type is none of RSA, OCTET
 *         or EC (a {@code null} key type included), so callers must handle {@code null}
 */
public static JwsSignatureProvider getSignatureProvider(JsonWebKey jwk,
                                                        SignatureAlgorithm defaultAlgorithm) {
    final String declaredAlgo = jwk.getAlgorithm();
    final SignatureAlgorithm sigAlgo = declaredAlgo != null
        ? SignatureAlgorithm.getAlgorithm(declaredAlgo) : defaultAlgorithm;
    final KeyType keyType = jwk.getKeyType();

    if (KeyType.RSA == keyType) {
        return getPrivateKeySignatureProvider(JwkUtils.toRSAPrivateKey(jwk), sigAlgo);
    }
    if (KeyType.OCTET == keyType) {
        // Symmetric key: the secret is read from the JWK property and decoded for HMAC use.
        final String encodedSecret = (String)jwk.getProperty(JsonWebKey.OCTET_KEY_VALUE);
        return getHmacSignatureProvider(JoseUtils.decode(encodedSecret), sigAlgo);
    }
    if (KeyType.EC == keyType) {
        return getPrivateKeySignatureProvider(JwkUtils.toECPrivateKey(jwk), sigAlgo);
    }
    // Unrecognised key type: no provider is created.
    return null;
}
 
Example 2
Source File: JweUtils.java    From cxf with Apache License 2.0
/**
 * Selects the JWE key-encryption provider that matches a JWK.
 *
 * <p>The algorithm declared on the key wins over {@code defaultAlgorithm}. RSA keys are used
 * through their public key and OCTET keys through their secret key. For any other key type
 * the choice depends on the algorithm: {@code ECDH_ES_DIRECT} yields a direct ECDH provider,
 * and everything else is treated as an EC public key used for ECDH with AES key wrap.
 * The key type itself is not checked on that last path, so a key with a missing or
 * unexpected type also ends up in the EC conversion.
 *
 * @param jwk key to encrypt the content-encryption key with
 * @param defaultAlgorithm fallback used when {@code jwk.getAlgorithm()} is {@code null}
 * @return the key-encryption provider for the key
 */
public static KeyEncryptionProvider getKeyEncryptionProvider(JsonWebKey jwk, KeyAlgorithm defaultAlgorithm) {
    final String declaredAlgo = jwk.getAlgorithm();
    final KeyAlgorithm keyAlgo = declaredAlgo != null
        ? KeyAlgorithm.getAlgorithm(declaredAlgo) : defaultAlgorithm;
    final KeyType keyType = jwk.getKeyType();

    if (KeyType.RSA == keyType) {
        return getPublicKeyEncryptionProvider(JwkUtils.toRSAPublicKey(jwk, true), keyAlgo);
    }
    if (KeyType.OCTET == keyType) {
        return getSecretKeyEncryptionAlgorithm(JwkUtils.toSecretKey(jwk, keyAlgo), keyAlgo);
    }
    if (keyAlgo == KeyAlgorithm.ECDH_ES_DIRECT) {
        return new EcdhDirectKeyEncryptionAlgorithm();
    }

    // Remaining case: ECDH with AES key wrap. The content algorithm comes from the current
    // message when one is in flight and names one; otherwise it defaults to A128GCM.
    ContentAlgorithm ctAlgo = null;
    final Message currentMessage = PhaseInterceptorChain.getCurrentMessage();
    if (currentMessage != null) {
        final String configured =
            (String)currentMessage.get(JoseConstants.RSSEC_ENCRYPTION_CONTENT_ALGORITHM);
        ctAlgo = getContentAlgo(configured);
    }
    final ContentAlgorithm effectiveCtAlgo = ctAlgo != null ? ctAlgo : ContentAlgorithm.A128GCM;
    return new EcdhAesWrapKeyEncryptionAlgorithm(JwkUtils.toECPublicKey(jwk),
                                                 jwk.getStringProperty(JsonWebKey.EC_CURVE),
                                                 keyAlgo,
                                                 effectiveCtAlgo);
}
 
Example 3
Source File: JweUtils.java    From cxf with Apache License 2.0
/**
 * Selects the JWE key-decryption provider that matches a JWK.
 *
 * <p>The algorithm declared on the key wins over {@code defaultAlgorithm}. RSA keys are used
 * through their private key and OCTET keys through their secret key. Every other key type,
 * a {@code null} type included, is converted as an EC private key without a further check.
 *
 * @param jwk key holding the private or secret material used for decryption
 * @param defaultAlgorithm fallback used when {@code jwk.getAlgorithm()} is {@code null}
 * @return the key-decryption provider for the key
 */
public static KeyDecryptionProvider getKeyDecryptionProvider(JsonWebKey jwk, KeyAlgorithm defaultAlgorithm) {
    final String declaredAlgo = jwk.getAlgorithm();
    final KeyAlgorithm keyAlgo = declaredAlgo != null
        ? KeyAlgorithm.getAlgorithm(declaredAlgo) : defaultAlgorithm;
    final KeyType keyType = jwk.getKeyType();

    if (KeyType.RSA == keyType) {
        return getPrivateKeyDecryptionProvider(JwkUtils.toRSAPrivateKey(jwk), keyAlgo);
    }
    if (KeyType.OCTET == keyType) {
        return getSecretKeyDecryptionProvider(JwkUtils.toSecretKey(jwk), keyAlgo);
    }
    // Fallback: anything that is neither RSA nor OCTET is handled as an EC key.
    return getPrivateKeyDecryptionProvider(JwkUtils.toECPrivateKey(jwk), keyAlgo);
}
 
Example 4
Source File: ApacheCXFConsumer.java    From cxf with Apache License 2.0
/**
 * Builds a JWE decryption provider for the given JWK.
 *
 * <p>When the key declares its own algorithm, the key is passed to {@code JweUtils} as a
 * whole and {@code keyEncryptionAlgorithm} is not used. Otherwise the key material is
 * extracted according to the key type and paired with the caller-supplied algorithm.
 *
 * @param key JWK holding the private or secret key material
 * @param keyEncryptionAlgorithm key-management algorithm used when the key declares none
 * @param contentEncryptionAlgorithm content-encryption algorithm for the provider
 * @return the decryption provider
 * @throws IllegalArgumentException if the key type is not EC, RSA or OCTET
 */
private JweDecryptionProvider getJweDecryptionProvider(JsonWebKey key, KeyAlgorithm keyEncryptionAlgorithm,
    ContentAlgorithm contentEncryptionAlgorithm) {
    if (key.getAlgorithm() == null) {
        // No algorithm on the key: pick the key material by type and use the caller's algorithm.
        switch (key.getKeyType()) {
        case EC:
            return JweUtils.createJweDecryptionProvider(
                JwkUtils.toECPrivateKey(key), keyEncryptionAlgorithm, contentEncryptionAlgorithm);
        case RSA:
            return JweUtils.createJweDecryptionProvider(
                JwkUtils.toRSAPrivateKey(key), keyEncryptionAlgorithm, contentEncryptionAlgorithm);
        case OCTET: {
            // Symmetric key: the encoded secret is read straight from the JWK property.
            String encodedSecret = (String) key.getProperty(JsonWebKey.OCTET_KEY_VALUE);
            SecretKey secretKey = CryptoUtils.createSecretKeySpec(
                encodedSecret, keyEncryptionAlgorithm.getJavaName());
            return JweUtils.createJweDecryptionProvider(
                secretKey, keyEncryptionAlgorithm, contentEncryptionAlgorithm);
        }
        default:
            throw new IllegalArgumentException("JWK KeyType not supported: " + key.getKeyType());
        }
    }
    return JweUtils.createJweDecryptionProvider(key, contentEncryptionAlgorithm);
}
 
Example 5
Source File: JwsUtils.java    From cxf with Apache License 2.0
/**
 * Creates a JWS signature verifier from the verification material carried in a JWK.
 *
 * <p>The algorithm is taken from the key, or from {@code defaultAlgorithm} when the key
 * declares none. RSA and EC keys verify with their public key; OCTET keys verify with HMAC
 * over the decoded shared secret. This method does not check that the resolved algorithm
 * fits the key type.
 *
 * @param jwk key holding an RSA or EC public key, or an octet (shared secret) value
 * @param defaultAlgorithm fallback used when {@code jwk.getAlgorithm()} is {@code null}
 * @return the verifier, or {@code null} when the key type is none of RSA, OCTET or EC;
 *         callers must treat {@code null} as a verification failure, not as "no check needed"
 */
public static JwsSignatureVerifier getSignatureVerifier(JsonWebKey jwk, SignatureAlgorithm defaultAlgorithm) {
    final String declaredAlgo = jwk.getAlgorithm();
    final SignatureAlgorithm sigAlgo = declaredAlgo != null
        ? SignatureAlgorithm.getAlgorithm(declaredAlgo) : defaultAlgorithm;
    final KeyType keyType = jwk.getKeyType();

    if (KeyType.RSA == keyType) {
        return getPublicKeySignatureVerifier(JwkUtils.toRSAPublicKey(jwk, true), sigAlgo);
    }
    if (KeyType.OCTET == keyType) {
        final String encodedSecret = (String)jwk.getProperty(JsonWebKey.OCTET_KEY_VALUE);
        return getHmacSignatureVerifier(JoseUtils.decode(encodedSecret), sigAlgo);
    }
    if (KeyType.EC == keyType) {
        return getPublicKeySignatureVerifier(JwkUtils.toECPublicKey(jwk), sigAlgo);
    }
    // Unrecognised key type: no verifier is created.
    return null;
}
 
Example 6
Source File: JwsUtils.java    From cxf with Apache License 2.0
/**
 * Picks the default signature algorithm for a JWK from its key type alone.
 *
 * @param jwk key whose type decides the default
 * @return {@code HS256} for OCTET keys, {@code ES256} for EC keys, and {@code RS256} for
 *         every other key type, a {@code null} type included
 */
private static SignatureAlgorithm getDefaultKeyAlgorithm(JsonWebKey jwk) {
    final KeyType keyType = jwk.getKeyType();
    if (KeyType.OCTET == keyType) {
        return SignatureAlgorithm.HS256;
    }
    if (KeyType.EC == keyType) {
        return SignatureAlgorithm.ES256;
    }
    // RSA is the catch-all, not only the answer for RSA keys.
    return SignatureAlgorithm.RS256;
}
 
Example 7
Source File: JweUtils.java    From cxf with Apache License 2.0
/**
 * Creates a content-encryption provider from a symmetric JWK.
 *
 * <p>The content algorithm is resolved first, from the key's own algorithm or else from
 * {@code defaultAlgorithm}, and only then is the key type inspected.
 *
 * @param jwk key expected to be of type OCTET
 * @param defaultAlgorithm fallback used when {@code jwk.getAlgorithm()} is {@code null}
 * @return the provider for an OCTET key, or {@code null} for any other key type
 */
public static ContentEncryptionProvider getContentEncryptionProvider(JsonWebKey jwk,
                                                                     ContentAlgorithm defaultAlgorithm) {
    final String declaredAlgo = jwk.getAlgorithm();
    final ContentAlgorithm ctAlgo = declaredAlgo != null
        ? getContentAlgo(declaredAlgo) : defaultAlgorithm;

    // Content encryption is symmetric, so only OCTET keys are accepted here.
    if (KeyType.OCTET != jwk.getKeyType()) {
        return null;
    }
    return getContentEncryptionProvider(JwkUtils.toSecretKey(jwk), ctAlgo);
}
 
Example 8
Source File: JweUtils.java    From cxf with Apache License 2.0
/**
 * Extracts the secret key used for direct content decryption from a JWK.
 *
 * @param jwk key expected to be of type OCTET
 * @param defaultAlgorithm algorithm name used when {@code jwk.getAlgorithm()} is {@code null}
 * @return the secret key when the key type is OCTET and the effective algorithm is accepted
 *         by {@code AlgorithmUtils.isAesGcm}; {@code null} in every other case
 */
public static SecretKey getContentDecryptionSecretKey(JsonWebKey jwk, String defaultAlgorithm) {
    final String declaredAlgo = jwk.getAlgorithm();
    final String ctEncryptionAlgo = declaredAlgo != null ? declaredAlgo : defaultAlgorithm;

    if (KeyType.OCTET != jwk.getKeyType()) {
        return null;
    }
    // The algorithm is only examined once the key is known to be symmetric.
    if (!AlgorithmUtils.isAesGcm(ctEncryptionAlgo)) {
        return null;
    }
    return JwkUtils.toSecretKey(jwk);
}
 
Example 9
Source File: JweUtils.java    From cxf with Apache License 2.0
/**
 * Picks the default JWE key-management algorithm for a JWK from its key type alone.
 *
 * @param jwk key whose type decides the default
 * @return {@code A128GCMKW} for OCTET keys, {@code RSA_OAEP} for RSA keys, and
 *         {@code ECDH_ES_A128KW} for every other key type, a {@code null} type included
 */
private static KeyAlgorithm getDefaultKeyAlgorithm(JsonWebKey jwk) {
    final KeyType keyType = jwk.getKeyType();
    if (KeyType.OCTET == keyType) {
        return KeyAlgorithm.A128GCMKW;
    }
    if (KeyType.RSA == keyType) {
        return KeyAlgorithm.RSA_OAEP;
    }
    // The EC default is the catch-all, not only the answer for EC keys.
    return KeyAlgorithm.ECDH_ES_A128KW;
}
 
Example 10
Source File: JwtVerifier.java    From deprecated-security-advanced-modules with Apache License 2.0
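/**
 * Parses a compact-serialized signed JWT, verifies its signature with the key selected by
 * the token's key ID, validates its claims, and returns the parsed token.
 *
 * <p>When verification fails and the token carries no key ID, the key is fetched once more
 * through {@code keyProvider.getKeyAfterRefresh(null)} and verification is retried.
 *
 * @param encodedJwt the compact-serialized token as received
 * @return the parsed token, returned only after signature and claim checks have passed
 * @throws BadCredentialsException if the signature is invalid, or if a {@code JwtException}
 *         is raised while parsing or validating the token
 */
public JwtToken getVerifiedJwtToken(String encodedJwt) throws BadCredentialsException {
	try {
		JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(encodedJwt);
		JwtToken jwt = jwtConsumer.getJwtToken();

		// Header values read here are unverified: the signature is only checked further down.
		String escapedKid = jwt.getJwsHeaders().getKeyId();
		String kid = escapedKid;
		if (!Strings.isNullOrEmpty(escapedKid)) {
			kid = StringEscapeUtils.unescapeJava(escapedKid);
			// Compare by value; a reference comparison would report a change whenever
			// unescapeJava hands back a new String instance with the same content.
			if (!escapedKid.equals(kid)) {
				log.info("Escaped Key ID from JWT Token");
			}
		}
		// NOTE(review): a null result from getKey would cause a NullPointerException below,
		// which the catch clause of this method does not translate. Confirm the provider
		// throws instead of returning null.
		JsonWebKey key = keyProvider.getKey(kid);

		// Algorithm is not mandatory for the key material, so we set it to the same as the JWT
		// NOTE(review): the value comes from the still-unverified JWS header and is written
		// onto the key object returned by keyProvider. If that object is cached or shared, the
		// algorithm stays set for later tokens. Confirm that this is intended, and that the
		// verifier restricts which algorithms an RSA signing key may be used with.
		if (key.getAlgorithm() == null && key.getPublicKeyUse() == PublicKeyUse.SIGN && key.getKeyType() == KeyType.RSA)
		{
			key.setAlgorithm(jwt.getJwsHeaders().getAlgorithm());
		}

		JwsSignatureVerifier signatureVerifier = getInitializedSignatureVerifier(key, jwt);

		boolean signatureValid = jwtConsumer.verifySignatureWith(signatureVerifier);

		// Without a key ID the provider's key may simply be stale, so refresh once and retry.
		if (!signatureValid && Strings.isNullOrEmpty(kid)) {
			key = keyProvider.getKeyAfterRefresh(null);
			signatureVerifier = getInitializedSignatureVerifier(key, jwt);
			signatureValid = jwtConsumer.verifySignatureWith(signatureVerifier);
		}

		if (!signatureValid) {
			throw new BadCredentialsException("Invalid JWT signature");
		}

		// Claims are validated only after the signature has been accepted.
		validateClaims(jwt);

		return jwt;
	} catch (JwtException e) {
		throw new BadCredentialsException(e.getMessage(), e);
	}
}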