<chapter>
<title>JSON Web Signature and Encryption (JOSE-JWT)</title>
<para>JSON Web Signature and Encryption (JOSE JWT) is a new specification that can be used to
encode content as a string and either digitally sign or encrypt it. I won't go over the spec
here. Do a Google search on it if you're interested.</para>
<section>
<title>JSON Web Signature (JWS)</title>
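<para>To digitally sign content using JWS, use the <literal>org.jboss.resteasy.jose.jws.JWSBuilder</literal> class.
To unpack and verify a JWS, use the <literal>org.jboss.resteasy.jose.jws.JWSInput</literal> class. (TODO, write
more doco here!)
As the example shows, unpacking and verifying are separate calls, so check the signature against the
key you expect before relying on the unpacked content.
Here's an example:</para>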
<programlisting>
<![CDATA[
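/**
 * Signs a plain-text payload with {@code JWSBuilder.rsa256} and checks that it
 * round-trips through {@code JWSInput}.
 *
 * The signature is checked against the expected public key before the payload
 * is read. Callers should follow the same order: content taken from a JWS whose
 * signature has not been verified is unauthenticated.
 */
@Test
public void testRSAWithContentType() throws Exception
{
   // Ask for the key size explicitly; without initialize() the size is
   // whatever the installed provider defaults to.
   KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
   generator.initialize(2048);
   KeyPair keyPair = generator.generateKeyPair();

   String encoded = new JWSBuilder()
         .contentType(MediaType.TEXT_PLAIN_TYPE)
         .content("Hello World", MediaType.TEXT_PLAIN_TYPE)
         .rsa256(keyPair.getPrivate());
   System.out.println(encoded);

   JWSInput input = new JWSInput(encoded, ResteasyProviderFactory.getInstance());
   System.out.println(input.getHeader());

   // Verify first, then consume the payload.
   Assert.assertTrue(RSAProvider.verify(input, keyPair.getPublic()));
   String msg = (String)input.readContent(String.class);
   Assert.assertEquals("Hello World", msg);
}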
]]>
</programlisting>
</section>
<section>
<title>JSON Web Encryption (JWE)</title>
<para>To encrypt content using JWE, use the <literal>org.jboss.resteasy.jose.jwe.JWEBuilder</literal> class.
To decrypt content using JWE, use the <literal>org.jboss.resteasy.jose.jwe.JWEInput</literal> class. (TODO, write
more doco here!)
Here's an example:</para>
<programlisting>
<![CDATA[
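/**
 * Encrypts a short message to an RSA public key and decrypts it with the
 * matching private key, once for each key-management / content-encryption
 * combination shown below.
 *
 * RSA1_5 (PKCS#1 v1.5 key encryption) is included for interoperability with
 * existing peers. Prefer RSA_OAEP for new deployments: v1.5 decryption is hard
 * to implement without revealing whether the padding was valid.
 */
@Test
public void testRSA() throws Exception
{
   // Ask for the key size explicitly; without initialize() the size is
   // whatever the installed provider defaults to.
   KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
   generator.initialize(2048);
   KeyPair keyPair = generator.generateKeyPair();

   // Fix the charset on both sides so the round trip does not depend on the
   // platform default encoding.
   java.nio.charset.Charset utf8 = java.nio.charset.StandardCharsets.UTF_8;
   String content = "Live long and prosper.";

   // RSA1_5 key encryption with the builder's default content encryption.
   {
      String encoded = new JWEBuilder().contentBytes(content.getBytes(utf8)).RSA1_5((RSAPublicKey)keyPair.getPublic());
      System.out.println("encoded: " + encoded);
      byte[] raw = new JWEInput(encoded).decrypt((RSAPrivateKey)keyPair.getPrivate()).getRawContent();
      String from = new String(raw, utf8);
      Assert.assertEquals(content, from);
   }

   // RSA_OAEP key encryption with the builder's default content encryption.
   {
      String encoded = new JWEBuilder().contentBytes(content.getBytes(utf8)).RSA_OAEP((RSAPublicKey)keyPair.getPublic());
      System.out.println("encoded: " + encoded);
      byte[] raw = new JWEInput(encoded).decrypt((RSAPrivateKey)keyPair.getPrivate()).getRawContent();
      String from = new String(raw, utf8);
      Assert.assertEquals(content, from);
   }

   // RSA1_5 key encryption, content encryption selected with A128CBC_HS256().
   {
      String encoded = new JWEBuilder().contentBytes(content.getBytes(utf8)).A128CBC_HS256().RSA1_5((RSAPublicKey)keyPair.getPublic());
      System.out.println("encoded: " + encoded);
      byte[] raw = new JWEInput(encoded).decrypt((RSAPrivateKey)keyPair.getPrivate()).getRawContent();
      String from = new String(raw, utf8);
      Assert.assertEquals(content, from);
   }

   // RSA_OAEP key encryption, content encryption selected with A128CBC_HS256().
   {
      String encoded = new JWEBuilder().contentBytes(content.getBytes(utf8)).A128CBC_HS256().RSA_OAEP((RSAPublicKey)keyPair.getPublic());
      System.out.println("encoded: " + encoded);
      byte[] raw = new JWEInput(encoded).decrypt((RSAPrivateKey)keyPair.getPrivate()).getRawContent();
      String from = new String(raw, utf8);
      Assert.assertEquals(content, from);
   }
}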
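/**
 * Encrypts a short message with a shared secret passed to
 * {@code JWEBuilder.dir} and decrypts it with the same secret.
 *
 * The literal "geheim" is a stand-in for the example only. A real shared
 * secret should be generated randomly and loaded from protected
 * configuration, not written in source.
 */
@Test
public void testDirect() throws Exception
{
   // Fix the charset on both sides so the round trip does not depend on the
   // platform default encoding.
   java.nio.charset.Charset utf8 = java.nio.charset.StandardCharsets.UTF_8;
   String content = "Live long and prosper.";

   // NOTE(review): how dir(String) turns the string into a content-encryption
   // key is not shown here; confirm it before choosing the secret's format.
   String encoded = new JWEBuilder().contentBytes(content.getBytes(utf8)).dir("geheim");
   System.out.println("encoded: " + encoded);

   byte[] raw = new JWEInput(encoded).decrypt("geheim").getRawContent();
   String from = new String(raw, utf8);
   Assert.assertEquals(content, from);
}]]>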
</programlisting>
</section>
</chapter>