...
The following table shows the algorithms and the corresponding providers (org.apache.cxf.rs.security.jose.jws package):
Algorithm | JWS Header 'alg' | JwsSignatureProvider | JwsSignatureVerifier |
HMAC | HS256, HS384, HS512 | HmacJwsSignatureProvider | HmacJwsSignatureVerifier |
RSASSA-PKCS1-v1_5 | RS256, RS384, RS512 | PrivateKeyJwsSignatureProvider | PublicKeyJwsSignatureVerifier |
ECDSA | ES256, ES384, ES512 | EcDsaJwsSignatureProvider | EcDsaJwsSignatureVerifier |
RSASSA-PSS | PS256, PS384, PS512 | PrivateKeyJwsSignatureProvider | PublicKeyJwsSignatureVerifier |
None | none | NoneJwsSignatureProvider | NoneJwsSignatureVerifier |
Either of these providers (except for None) can be initialized with the keys loaded from JWK or Java JKS stores or from the in-memory representations.
...
The following table shows the key encryption algorithms and the corresponding providers (org.apache.cxf.rs.security.jose.jwe package):
Algorithm | JWE Header 'alg' | KeyEncryptionProvider | KeyDecryptionProvider |
RSAES-PKCS1-v1_5 | RSA1_5 | RSAKeyEncryptionAlgorithm | RSAKeyDecryptionAlgorithm |
RSAES OAEP | RSA-OAEP, RSA-OAEP-256 | RSAKeyEncryptionAlgorithm | RSAKeyDecryptionAlgorithm |
AES Key Wrap | A128KW, A192KW, A256KW | AesKeyWrapEncryptionAlgorithm | AesKeyWrapDecryptionAlgorithm |
Direct | dir | DirectKeyEncryptionAlgorithm | DirectKeyDecryptionAlgorithm |
ECDH-ES Key Wrap | ECDH-ES+A128KW (+A192KW, +256KW) | EcdhAesWrapKeyEncryptionAlgorithm | EcdhAesWrapKeyDecryptionAlgorithm |
ECDH-ES Direct | ECDH-ES | EcdhDirectKeyJweEncryption | EcdhDirectKeyJweDecryption |
AES-GCM Key Wrap | A128GCMKW, A192GCMKW, A256GCMKW | AesGcmWrapKeyEncryptionAlgorithm | AesGcmWrapKeyDecryptionAlgorithm |
PBES2 | PBES2-HS256+A128KW PBES2-HS384+A192KW PBES2-HS512+A256KW | PbesHmacAesWrapKeyEncryptionAlgorithm | PbesHmacAesWrapKeyDecryptionAlgorithm |
RSA-OAEP algorithms are likely to be used most often at the moment due to existing JKS stores being available everywhere and a relatively easy way of making the public validation keys available.
...
The following table shows the content encryption algorithms and the corresponding providers:
Algorithm | JWE Header 'enc' | ContentEncryptionProvider | ContentDecryptionProvider |
AES_CBC_HMAC_SHA2 | A128CBC-HS256(-HS384, -HS512) | AesCbcHmacJweEncryption, | AesCbcHmacJweDecryption |
AES-GCM | A128GCM, A92GCM, A256GCM | AesGcmContentEncryptionAlgorithm | AesGcmContentDecryptionAlgorithm |
All of the above providers can be initialized with the keys loaded from JWK or Java JKS stores or from the in-memory representations.
...
This option is about using the CXF JOSE library to sign, encrypt, or/and decrypt and verify the data as documented above. This option should be preferred if one needs to keep a closer control, for example, set the custom JWS or JWE headers, etc.
...
These properties will contain a location of the key store, signature and/or encryption algorithm properties, etc. See the Configuration section for all the available configuration options.
...
Configuration Property Containers
Signature
rs.security.signature.out.properties | The signature properties file for Compact or JSON signature creation. If not specified then it falls back to "rs.security.signature.properties". |
rs.security.signature.in.properties | The signature properties file for Compact or JSON signature verification. If not specified then it falls back to "rs.security.signature.properties". |
rs.security.signature.properties | The signature properties file for Compact or JSON signature creation/verification. |
Encryption
rs.security.encryption.out.properties | The encryption properties file for Compact or JSON encryption creation. If not specified then it falls back to "rs.security.encryption.properties". |
rs.security.encryption.in.properties | The encryption properties file for Compact or JSON decryption. If not specified then it falls back to "rs.security.encryption.properties". |
rs.security.encryption.properties | The encryption properties file for encryption/decryption. |
Note that these property containers can be used for creating/processing JWS and JWE Compact and JSON sequences. If it is either JWS JSON or JWE JSON and you wish to have more than one signature or encryption be created then let the property value be a commas separated list of locations, with each location pointing to a unique signature or encryption operation property file.
...
Configuration that applies to both encryption and signature
rs.security.keystore | The Java KeyStore Object to use. This configuration tag is used if you want to pass the KeyStore Object through dynamically. |
rs.security.keystore.type | The keystore type. Suitable values are "jks" or "jwk". |
rs.security.keystore.password | The password required to access the keystore. |
rs.security.keystore.alias | The keystore alias corresponding to the key to use. You can append one of the following to this tag to get the alias for more specific operations: - jwe.out - jwe.in - jws.out - jws.in |
rs.security.keystore.aliases | The keystore aliases corresponding to the keys to use, when using the JSON serialization form. You can append one of the following to this tag to get the alias for more specific operations: - jws.out - jws.in |
rs.security.keystore.file | The path to the keystore file. |
rs.security.key.password | The password required to access the private key (in the keystore). |
rs.security.key.password.provider | A reference to a PrivateKeyPasswordProvider instance used to retrieve passwords to access keys. |
rs.security.accept.public.key | Whether to allow using a JWK received in the header for signature validation. The default is "false". |
rs.security.enable.revocation | Whether to enable revocation or not when validating a certificate chain. The default is "false". |
Configuration that applies to signature only
rs.security.signature.key.password.provider | A reference to a PrivateKeyPasswordProvider instance used to retrieve passwords to access keys for signature. If this is not specified it falls back to use "rs.security.key.password.provider". |
rs.security.signature.algorithm | The signature algorithm to use. The default algorithm if not specified is 'RS256'. |
rs.security.signature.include.public.key | Include the JWK public key for signature in the "jwk" header. |
rs.security.signature.include.cert | Include the X.509 certificate for signature in the "x5c" header. |
rs.security.signature.include.key.id | Include the JWK key id for signature in the "kid" header. |
rs.security.signature.include.cert.sha1 | Include the X.509 certificate SHA-1 digest for signature in the "x5t" header. |
rs.security.signature.include.cert.sha256 | Include the X.509 certificate SHA-256 digest for signature in the "x5t#S256" header. |
Configuration that applies to encryption only
rs.security.decryption.key.password.provider | A reference to a PrivateKeyPasswordProvider instance used to retrieve passwords to access keys for decryption. If this is not specified it falls back to use "rs.security.key.password.provider". |
rs.security.encryption.content.algorithm | The encryption content algorithm to use. The default algorithm if not specified is 'A128GCM'. |
rs.security.encryption.key.algorithm | The encryption key algorithm to use. The default algorithm if not specified is 'RSA-OAEP' if the key is an RSA key, 'ECDH-ES-A128KW' if the key is an EC key and 'A128GCMKW' if it is an octet sequence. |
rs.security.encryption.zip.algorithm | The encryption zip algorithm to use. |
rs.security.encryption.include.public.key | Include the JWK public key for encryption in the "jwk" header. |
rs.security.encryption.include.cert | Include the X.509 certificate for encryption in the "x5c" header. |
rs.security.encryption.include.key.id | Include the JWK key id for encryption in the "kid" header. |
rs.security.encryption.include.cert.sha1 | Include the X.509 certificate SHA-1 digest for encryption in the "x5t" header. |
rs.security.encryption.include.cert.sha256 | Include the X.509 certificate SHA-256 digest for encryption in the "x5t#S256" header. |
Configuration that applies to JWT tokens only
rs.security.enable.unsigned-jwt.principal | Whether to allow unsigned JWT tokens as SecurityContext Principals. The default is false. |
expected.claim.audience | If this property is defined, the received JWT must have an "aud" claim with a value matching this property. |
Interoperability
JOSE is already widely supported in OAuth2 and OIDC applications. Besides that CXF JOSE client or server will interoperate with a 3rd party client/server able to produce or consume JWS/JWE sequences. For example, see a WebCrypto API use case and the demo which demonstrates how a JWS sequence produced by a browser-hosted script can be validated by a server application capable of processing JWS, with the demo browser client being tested against a CXF JWS server too.
...