JBoss.orgCommunity Documentation

Chapter 44. JSON Web Signature and Encryption (JOSE-JWT)

44.1. JSON Web Signature (JWS)
44.2. JSON Web Encryption (JWE)

JSON Web Signature and Encryption (JOSE JWT) is a new specification that can be used to encode content as a string and either digitally sign or encrypt it. I won't go over the spec here Do a Google search on it if you're interested

44.1. JSON Web Signature (JWS)

To digitally sign content using JWS, use the org.jboss.resteasy.jose.jws.JWSBuilder class. To unpack and verify a JWS, use the org.jboss.resteasy.jose.jws.JWSInput class. (TODO, write more doco here!) Here's an example:

          
   @Test
   public void testRSAWithContentType() throws Exception
   {
      KeyPair keyPair = KeyPairGenerator.getInstance("RSA").generateKeyPair();

      String encoded = new JWSBuilder()
              .contentType(MediaType.TEXT_PLAIN_TYPE)
              .content("Hello World", MediaType.TEXT_PLAIN_TYPE)
              .rsa256(keyPair.getPrivate());

      System.out.println(encoded);

      JWSInput input = new JWSInput(encoded, ResteasyProviderFactory.getInstance());
      System.out.println(input.getHeader());
      String msg = (String)input.readContent(String.class);
      Assert.assertEquals("Hello World", msg);
      Assert.assertTrue(RSAProvider.verify(input, keyPair.getPublic()));

   }

44.2. JSON Web Encryption (JWE)

To encrypt content using JWE, use the org.jboss.resteasy.jose.jwe.JWEBuilder class. To decrypt content using JWE, use the org.jboss.resteasy.jose.jwe.JWEInput class. (TODO, write more doco here!) Here's an example:

            
   @Test
   public void testRSA() throws Exception
   {
      KeyPair keyPair = KeyPairGenerator.getInstance("RSA").generateKeyPair();

      String content = "Live long and prosper.";

      {
      String encoded = new JWEBuilder().contentBytes(content.getBytes()).RSA1_5((RSAPublicKey)keyPair.getPublic());
      System.out.println("encoded: " + encoded);
      byte[] raw = new JWEInput(encoded).decrypt((RSAPrivateKey)keyPair.getPrivate()).getRawContent();
      String from = new String(raw);
      Assert.assertEquals(content, from);
      }
      {
         String encoded = new JWEBuilder().contentBytes(content.getBytes()).RSA_OAEP((RSAPublicKey)keyPair.getPublic());
         System.out.println("encoded: " + encoded);
         byte[] raw = new JWEInput(encoded).decrypt((RSAPrivateKey)keyPair.getPrivate()).getRawContent();
         String from = new String(raw);
         Assert.assertEquals(content, from);
      }
      {
         String encoded = new JWEBuilder().contentBytes(content.getBytes()).A128CBC_HS256().RSA1_5((RSAPublicKey)keyPair.getPublic());
         System.out.println("encoded: " + encoded);
         byte[] raw = new JWEInput(encoded).decrypt((RSAPrivateKey)keyPair.getPrivate()).getRawContent();
         String from = new String(raw);
         Assert.assertEquals(content, from);
      }
      {
         String encoded = new JWEBuilder().contentBytes(content.getBytes()).A128CBC_HS256().RSA_OAEP((RSAPublicKey)keyPair.getPublic());
         System.out.println("encoded: " + encoded);
         byte[] raw = new JWEInput(encoded).decrypt((RSAPrivateKey)keyPair.getPrivate()).getRawContent();
         String from = new String(raw);
         Assert.assertEquals(content, from);
      }
   }

   @Test
   public void testDirect() throws Exception
   {
      String content = "Live long and prosper.";
      String encoded = new JWEBuilder().contentBytes(content.getBytes()).dir("geheim");
      System.out.println("encoded: " + encoded);
      byte[] raw = new JWEInput(encoded).decrypt("geheim").getRawContent();
      String from = new String(raw);
      Assert.assertEquals(content, from);

   }