...

CXF ships JWS-related classes in this package and supports all of the JWA signature algorithms.

Signature and Verification Providers

JwsSignatureProvider signs the content and JwsSignatureVerifier validates the signatures. These providers can be initialized from keys or certificates loaded from JWK or JCA stores.

Note that the signature and verification capabilities are represented by two different interfaces. This keeps the interfaces minimal and the concerns separated, which is most useful in code that only signs or only validates.

The following table shows the algorithms and the corresponding providers:

| Algorithm | JwsSignatureProvider | JwsSignatureVerifier |
|---|---|---|
| HMAC | HmacJwsSignatureProvider | HmacJwsSignatureVerifier |
| RSASSA-PKCS1 | PrivateKeyJwsSignatureProvider | PublicKeyJwsSignatureVerifier |
| ECDSA | EcDsaJwsSignatureProvider | EcDsaJwsSignatureVerifier |
| RSASSA-PSS | PrivateKeyJwsSignatureProvider | PublicKeyJwsSignatureVerifier |
| None | NoneJwsSignatureProvider | NoneJwsSignatureVerifier |

Any of these providers (except for None) can be initialized with keys loaded from JWK or JCA stores or from in-memory representations.

...

CXF JWS Compact HMac

```java
// Sign
// Algorithm properties are set in the headers
JoseHeaders headers = new JoseHeaders();
headers.setAlgorithm(SignatureAlgorithm.HS256);

// This is the actual data content, a JWT in this case, but it can be arbitrary JSON or non-JSON data
JwtClaims claims = new JwtClaims();
claims.setIssuer("joe");
claims.setExpiryTime(1300819380L);
claims.setClaim("http://example.com/is_root", Boolean.TRUE);
JwtToken token = new JwtToken(headers, claims);

JwsCompactProducer jwsProducer = new JwsJwtCompactProducer(token);

jwsProducer.signWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY, SignatureAlgorithm.HS256));
assertEquals(ENCODED_TOKEN_SIGNED_BY_MAC, jwsProducer.getSignedEncodedJws());

// Validate
// The verifier is created with the key and the algorithm the application expects
JwsJwtCompactConsumer jwsConsumer = new JwsJwtCompactConsumer(ENCODED_TOKEN_SIGNED_BY_MAC);
assertTrue(jwsConsumer.verifySignatureWith(new HmacJwsSignatureVerifier(ENCODED_MAC_KEY,
                                                                        SignatureAlgorithm.HS256)));
JwtToken verifiedToken = jwsConsumer.getJwtToken();
JoseHeaders verifiedHeaders = verifiedToken.getHeaders();
assertEquals(SignatureAlgorithm.HS256, verifiedHeaders.getAlgorithm());
validateClaims(verifiedToken.getClaims());
```
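
The compact HS256 signing and validation shown above, spelled out on the plain JDK as an added sketch (it is not CXF code and not part of the CXF documentation; the class name, demo key and claims are constructed). The verifier computes HMAC-SHA256 with its own key whatever the token header says, so tokens that name another algorithm, None included, or whose payload was edited are rejected.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Added sketch on the plain JDK, not CXF code; all names here are hypothetical.
public class JwsHs256Sketch {
    static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    static final Base64.Decoder DEC = Base64.getUrlDecoder();
    static String b64(String s) { return ENC.encodeToString(s.getBytes(StandardCharsets.UTF_8)); }

    static byte[] hmac(byte[] key, String signingInput) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(signingInput.getBytes(StandardCharsets.US_ASCII));
    }

    // Compact form: BASE64URL(header) "." BASE64URL(payload) "." BASE64URL(signature)
    static String sign(byte[] key, String headerJson, String payloadJson) throws Exception {
        String input = b64(headerJson) + "." + b64(payloadJson);
        return input + "." + ENC.encodeToString(hmac(key, input));
    }

    // The verifier decides the algorithm; the header is only checked for agreement with it.
    static boolean verifyHs256(byte[] key, String compact) throws Exception {
        String[] p = compact.split("\\.", -1);
        if (p.length != 3) return false;
        try {
            String header = new String(DEC.decode(p[0]), StandardCharsets.UTF_8);
            // Crude header check to keep the sketch short; a real consumer parses the JSON.
            if (!header.matches("(?s).*\"alg\"\\s*:\\s*\"HS256\".*")) return false;
            return MessageDigest.isEqual(hmac(key, p[0] + "." + p[1]), DEC.decode(p[2]));
        } catch (IllegalArgumentException badBase64) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-demo-key-0123456789abcdef".getBytes(StandardCharsets.UTF_8);
        String claims = "{\"iss\":\"joe\",\"exp\":1300819380}";
        String good = sign(key, "{\"alg\":\"HS256\"}", claims);
        // Constructed rejects: header names None with an empty signature; payload edited after signing.
        String unsigned = b64("{\"alg\":\"none\"}") + "." + b64(claims) + ".";
        String edited = good.replaceFirst("\\.[^.]+\\.", "." + b64(claims.replace("joe", "eve")) + ".");
        if (!verifyHs256(key, good) || verifyHs256(key, unsigned) || verifyHs256(key, edited))
            throw new AssertionError("verification logic is wrong");
        System.out.println(good);
    }
}
```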

...

The JWE (JSON Web Encryption) document describes how document content and, when applicable, a content encryption key can be encrypted. For example, Appendix A1 shows how the content can be encrypted with a secret key using AesGcm, with the actual content encryption key being encrypted/wrapped using RSA-OAEP.

CXF ships JWE-related classes in this package and supports all of the JWA key encryption and content encryption algorithms.

Key and Content Encryption Providers

 

JWE Compact

JweEncryptionProvider encrypts the content and JweDecryptionProvider decrypts it. Encryptors and decryptors for all of the JWE algorithms are shipped.

Here is an example of doing AES CBC HMAC and AES Key Wrap in CXF:

CXF Jwe AesWrapAesCbcHMac

```java
final String specPlainText = "Live long and prosper.";

byte[] cekEncryptionKey = Base64UrlUtility.decode(KEY_ENCRYPTION_KEY_A3);

// Encrypt: the content encryption key is wrapped with AES Key Wrap (A128KW).
// The fixed CEK and IV are passed in so that the output can be compared with JWE_OUTPUT_A3.
AesWrapKeyEncryptionAlgorithm keyEncryption = new AesWrapKeyEncryptionAlgorithm(cekEncryptionKey, KeyAlgorithm.A128KW);
JweEncryptionProvider encryption = new AesCbcHmacJweEncryption(ContentAlgorithm.A128CBC_HS256,
                                                               CONTENT_ENCRYPTION_KEY_A3,
                                                               INIT_VECTOR_A3,
                                                               keyEncryption);
String jweContent = encryption.encrypt(specPlainText.getBytes("UTF-8"), null);
assertEquals(JWE_OUTPUT_A3, jweContent);

// Decrypt: unwrap the content encryption key, then decrypt the content
AesWrapKeyDecryptionAlgorithm keyDecryption = new AesWrapKeyDecryptionAlgorithm(cekEncryptionKey);
JweDecryptionProvider decryption = new AesCbcHmacJweDecryption(keyDecryption);
String decryptedText = decryption.decrypt(jweContent).getContentText();
assertEquals(specPlainText, decryptedText);
```
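
What the AES Key Wrap plus AES CBC HMAC combination above does to the key and the content, as an added JDK-only sketch (not CXF code; the class name, method names and demo KEK are hypothetical). Unlike the snippet above, which passes a fixed CEK and IV, it draws a fresh CEK and IV per message, returns the binary JWE parts rather than the base64url compact string, and checks the authentication tag before CBC decryption.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.*;
import javax.crypto.spec.*;

// Added sketch on the plain JDK, not CXF code; all names here are hypothetical.
public class JweAesWrapCbcHmacSketch {
    static Cipher kw(int mode, byte[] kek) throws Exception {          // A128KW
        Cipher c = Cipher.getInstance("AESWrap");
        c.init(mode, new SecretKeySpec(kek, "AES"));
        return c;
    }
    // A128CBC-HS256 CEK layout: bytes 0-15 are the MAC key, bytes 16-31 the AES key.
    static Cipher cbc(int mode, byte[] cek, byte[] iv) throws Exception {
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(mode, new SecretKeySpec(cek, 16, 16, "AES"), new IvParameterSpec(iv));
        return c;
    }
    // Tag = first 16 bytes of HMAC-SHA256(AAD || IV || ciphertext || AAD bit length as 64-bit int).
    static byte[] tag(byte[] cek, byte[] aad, byte[] iv, byte[] ct) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(cek, 0, 16, "HmacSHA256"));
        mac.update(aad); mac.update(iv); mac.update(ct);
        return Arrays.copyOf(mac.doFinal(ByteBuffer.allocate(8).putLong(aad.length * 8L).array()), 16);
    }
    // Returns {wrapped CEK, IV, ciphertext, tag}: the four binary parts of a compact JWE.
    static byte[][] encrypt(byte[] kek, byte[] aad, byte[] plaintext) throws Exception {
        byte[] cek = new byte[32], iv = new byte[16];
        SecureRandom rnd = new SecureRandom();
        rnd.nextBytes(cek); rnd.nextBytes(iv);       // fresh CEK and IV for every message
        byte[] ct = cbc(Cipher.ENCRYPT_MODE, cek, iv).doFinal(plaintext);
        byte[] wrapped = kw(Cipher.WRAP_MODE, kek).wrap(new SecretKeySpec(cek, "AES"));
        return new byte[][] {wrapped, iv, ct, tag(cek, aad, iv, ct)};
    }
    static byte[] decrypt(byte[] kek, byte[] aad, byte[][] jwe) throws Exception {
        byte[] cek = kw(Cipher.UNWRAP_MODE, kek).unwrap(jwe[0], "AES", Cipher.SECRET_KEY).getEncoded();
        if (!MessageDigest.isEqual(tag(cek, aad, jwe[1], jwe[2]), jwe[3]))   // tag first, CBC second
            throw new SecurityException("authentication tag mismatch");
        return cbc(Cipher.DECRYPT_MODE, cek, jwe[1]).doFinal(jwe[2]);
    }
    public static void main(String[] args) throws Exception {
        byte[] kek = "constructed-kek!".getBytes(StandardCharsets.US_ASCII);   // 16-byte demo key
        // AAD is BASE64URL of the protected header {"alg":"A128KW","enc":"A128CBC-HS256"}
        byte[] aad = "eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0".getBytes(StandardCharsets.US_ASCII);
        byte[][] jwe = encrypt(kek, aad, "Live long and prosper.".getBytes(StandardCharsets.UTF_8));
        System.out.println(new String(decrypt(kek, aad, jwe), StandardCharsets.UTF_8));
    }
}
```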

 


JweCompactConsumer and JweCompactProducer offer utility support for creating and validating the JWE compact serialization and accept keys in a variety of formats (as JWKs, JCA representations, created out of band and wrapped in either JweEncryptionProvider or JweDecryptionProvider).

JweJwtCompactConsumer and JweJwtCompactProducer are JweCompactConsumer and JweCompactProducer specializations that offer utility support for encrypting JSON Web Tokens in a compact format.

JweJsonConsumer and JweJsonProducer support JWE JSON (full) serialization.

JweOutputStream is a specialized output stream that can be used in conjunction with the JWE JAX-RS filters (see one of the next sections) to support a best effort at streaming the content while encrypting it. These classes will use JweEncryptionOutput, optionally returned from JweEncryptionProvider, instead of working with the consumer utility classes, which deal with the encryption process completely in memory.

 

...


 

JWE JSON

JSON Web Token

JWT (JSON Web Token) is a collection of claims in JSON format. It offers a standard JSON container for representing various properties or claims.

...