cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject git commit: [CXF-5902] Adding a system test
Date Wed, 13 Aug 2014 13:02:04 GMT
Repository: cxf
Updated Branches:
  refs/heads/master ba8fc3d35 -> 669d9f041


[CXF-5902] Adding a system test


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/669d9f04
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/669d9f04
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/669d9f04

Branch: refs/heads/master
Commit: 669d9f041f9c651294eb25a3021a800aeb6b6a32
Parents: ba8fc3d
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Wed Aug 13 14:01:45 2014 +0100
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Wed Aug 13 14:01:45 2014 +0100

----------------------------------------------------------------------
 .../jwe/AbstractContentEncryptionAlgorithm.java |  2 +-
 .../oauth2/jwe/AbstractJweEncryption.java       | 12 +++++-
 .../oauth2/jwe/AesCbcHmacJweEncryption.java     | 27 ++++++++++---
 .../jwe/AesGcmContentEncryptionAlgorithm.java   |  8 ++++
 .../jwe/AesWrapKeyDecryptionAlgorithm.java      |  4 ++
 .../jwe/AesWrapKeyEncryptionAlgorithm.java      |  3 ++
 .../oauth2/jwe/DirectKeyJweEncryption.java      | 16 +++++++-
 .../jwt/jaxrs/AbstractJweDecryptingFilter.java  |  2 +-
 .../jaxrs/security/jwt/JAXRSJweJwsTest.java     | 40 ++++++++++++++++++++
 .../cxf/systest/jaxrs/security/jwt/server.xml   | 34 +++++++++++++++++
 10 files changed, 137 insertions(+), 11 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/669d9f04/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractContentEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractContentEncryptionAlgorithm.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractContentEncryptionAlgorithm.java
index 9dde55d..b6adb9f 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractContentEncryptionAlgorithm.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractContentEncryptionAlgorithm.java
@@ -47,7 +47,7 @@ public abstract class AbstractContentEncryptionAlgorithm extends AbstractContent
     }
     public byte[] getInitVector() {
         if (iv == null) {
-            return CryptoUtils.generateSecureRandomBytes(getIvSize());
+            return CryptoUtils.generateSecureRandomBytes(getIvSize() / 8);
         } else if (iv.length > 0 && providedIvUsageCount.addAndGet(1) > 1)
{
             throw new SecurityException();
         } else {

http://git-wip-us.apache.org/repos/asf/cxf/blob/669d9f04/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractJweEncryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractJweEncryption.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractJweEncryption.java
index 167d04e..885e29d 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractJweEncryption.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractJweEncryption.java
@@ -60,15 +60,23 @@ public abstract class AbstractJweEncryption implements JweEncryptionProvider
{
     }
     
     protected byte[] getContentEncryptionKey() {
-        byte[] cek = contentEncryptionAlgo.getContentEncryptionKey(headers);
+        byte[] cek = getProvidedContentEncryptionKey();
         if (cek == null) {
             String algoJava = getContentEncryptionAlgoJava();
             String algoJwt = getContentEncryptionAlgoJwt();
             cek = CryptoUtils.getSecretKey(Algorithm.stripAlgoProperties(algoJava), 
-                Algorithm.valueOf(algoJwt).getKeySizeBits()).getEncoded();
+                                           getCekSize(algoJwt)).getEncoded();
         }
         return cek;
     }
+   
+    protected int getCekSize(String algoJwt) {
+        return Algorithm.valueOf(algoJwt.replace('-', '_')).getKeySizeBits();
+    }
+    
+    protected byte[] getProvidedContentEncryptionKey() {
+        return contentEncryptionAlgo.getContentEncryptionKey(headers);
+    }
     
     protected byte[] getEncryptedContentEncryptionKey(byte[] theCek) {
         return keyEncryptionAlgo.getEncryptedContentEncryptionKey(headers, theCek);

http://git-wip-us.apache.org/repos/asf/cxf/blob/669d9f04/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AesCbcHmacJweEncryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AesCbcHmacJweEncryption.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AesCbcHmacJweEncryption.java
index 0489819..492e0a6 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AesCbcHmacJweEncryption.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AesCbcHmacJweEncryption.java
@@ -51,6 +51,12 @@ public class AesCbcHmacJweEncryption extends AbstractJweEncryption {
         AES_CEK_SIZE_MAP.put(Algorithm.A192CBC_HS384.getJwtName(), 48);
         AES_CEK_SIZE_MAP.put(Algorithm.A256CBC_HS512.getJwtName(), 64);
     }
+    public AesCbcHmacJweEncryption(String keyAlgo, 
+                                   String celAlgoJwt, 
+                                   KeyEncryptionAlgorithm keyEncryptionAlgorithm) {
+        this(new JweHeaders(keyAlgo, validateCekAlgorithm(celAlgoJwt)), 
+             null, null, keyEncryptionAlgorithm);
+    }
     public AesCbcHmacJweEncryption(JweHeaders headers, 
                                    KeyEncryptionAlgorithm keyEncryptionAlgorithm) {
         this(headers, null, null, keyEncryptionAlgorithm);
@@ -65,22 +71,24 @@ public class AesCbcHmacJweEncryption extends AbstractJweEncryption {
                                    KeyEncryptionAlgorithm keyEncryptionAlgorithm,
                                    JwtHeadersWriter writer) {
         super(headers, new AesCbcContentEncryptionAlgorithm(cek, iv), keyEncryptionAlgorithm,
writer);
-        if (!SUPPORTED_CEK_ALGORITHMS.contains(headers.getContentEncryptionAlgorithm()))
{
-            throw new SecurityException();
-        }
+        validateCekAlgorithm(headers.getContentEncryptionAlgorithm());
     }
     @Override
     protected byte[] getActualCek(byte[] theCek, String algoJwt) {
         return doGetActualCek(theCek, algoJwt);
     }
+    @Override
+    protected int getCekSize(String algoJwt) {
+        return getFullCekKeySize(algoJwt) * 8;
+    }
     protected static byte[] doGetActualCek(byte[] theCek, String algoJwt) {
-        int size = getCekKeySize(algoJwt) / 2;
+        int size = getFullCekKeySize(algoJwt) / 2;
         byte[] actualCek = new byte[size];
         System.arraycopy(theCek, size, actualCek, 0, size);
         return actualCek;
     }
     
-    protected static int getCekKeySize(String algoJwt) {
+    protected static int getFullCekKeySize(String algoJwt) {
         return AES_CEK_SIZE_MAP.get(algoJwt);
     }
     
@@ -113,7 +121,7 @@ public class AesCbcHmacJweEncryption extends AbstractJweEncryption {
                                                      JweHeaders theHeaders, 
                                                      String headersJson) {
         String algoJwt = theHeaders.getContentEncryptionAlgorithm();
-        int size = getCekKeySize(algoJwt) / 2;
+        int size = getFullCekKeySize(algoJwt) / 2;
         byte[] macKey = new byte[size];
         System.arraycopy(secretKey, 0, macKey, 0, size);
         
@@ -176,4 +184,11 @@ public class AesCbcHmacJweEncryption extends AbstractJweEncryption {
         private byte[] al;
         private String headersJson;
     }
+    
+    private static String validateCekAlgorithm(String cekAlgo) {
+        if (!SUPPORTED_CEK_ALGORITHMS.contains(cekAlgo)) {
+            throw new SecurityException();
+        }
+        return cekAlgo;
+    }
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/669d9f04/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AesGcmContentEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AesGcmContentEncryptionAlgorithm.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AesGcmContentEncryptionAlgorithm.java
index 5d69273..67c5948 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AesGcmContentEncryptionAlgorithm.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AesGcmContentEncryptionAlgorithm.java
@@ -20,9 +20,17 @@ package org.apache.cxf.rs.security.oauth2.jwe;
 
 import javax.crypto.SecretKey;
 
+import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
+
 
 public class AesGcmContentEncryptionAlgorithm extends AbstractContentEncryptionAlgorithm
{
     private static final int DEFAULT_IV_SIZE = 96;
+    public AesGcmContentEncryptionAlgorithm() {
+        this((byte[])null, null);
+    }
+    public AesGcmContentEncryptionAlgorithm(String encodedCek, String encodedIv) {
+        this((byte[])CryptoUtils.decodeSequence(encodedCek), CryptoUtils.decodeSequence(encodedIv));
+    }
     public AesGcmContentEncryptionAlgorithm(SecretKey key, byte[] iv) { 
         this(key.getEncoded(), iv);    
     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/669d9f04/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AesWrapKeyDecryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AesWrapKeyDecryptionAlgorithm.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AesWrapKeyDecryptionAlgorithm.java
index ec99447..1fd77b7 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AesWrapKeyDecryptionAlgorithm.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AesWrapKeyDecryptionAlgorithm.java
@@ -24,6 +24,9 @@ import org.apache.cxf.rs.security.oauth2.jwt.Algorithm;
 import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
 
 public class AesWrapKeyDecryptionAlgorithm extends WrappedKeyDecryptionAlgorithm {
+    public AesWrapKeyDecryptionAlgorithm(String encodedKey) {    
+        this(CryptoUtils.decodeSequence(encodedKey));
+    }
     public AesWrapKeyDecryptionAlgorithm(byte[] secretKey) {    
         this(CryptoUtils.createSecretKeySpec(secretKey, Algorithm.AES_WRAP_ALGO_JAVA));
     }
@@ -31,4 +34,5 @@ public class AesWrapKeyDecryptionAlgorithm extends WrappedKeyDecryptionAlgorithm
         super(secretKey, true);
     }
     
+    
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/669d9f04/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AesWrapKeyEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AesWrapKeyEncryptionAlgorithm.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AesWrapKeyEncryptionAlgorithm.java
index daa7a87..70224a1 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AesWrapKeyEncryptionAlgorithm.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AesWrapKeyEncryptionAlgorithm.java
@@ -32,6 +32,9 @@ public class AesWrapKeyEncryptionAlgorithm extends AbstractWrapKeyEncryptionAlgo
         Arrays.asList(Algorithm.A128KW.getJwtName(),
                       Algorithm.A192KW.getJwtName(),
                       Algorithm.A256KW.getJwtName()));
+    public AesWrapKeyEncryptionAlgorithm(String encodedKey, String keyAlgoJwt) {    
+        this(CryptoUtils.decodeSequence(encodedKey), keyAlgoJwt);
+    }
     public AesWrapKeyEncryptionAlgorithm(byte[] keyBytes, String keyAlgoJwt) {
         this(CryptoUtils.createSecretKeySpec(keyBytes, Algorithm.toJavaName(keyAlgoJwt)),
              keyAlgoJwt);

http://git-wip-us.apache.org/repos/asf/cxf/blob/669d9f04/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/DirectKeyJweEncryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/DirectKeyJweEncryption.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/DirectKeyJweEncryption.java
index a13bd39..12e959f 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/DirectKeyJweEncryption.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/DirectKeyJweEncryption.java
@@ -28,6 +28,20 @@ public class DirectKeyJweEncryption extends AbstractJweEncryption {
                                                 cek.getEncoded().length * 8)), cek.getEncoded(),
iv);
     }
     public DirectKeyJweEncryption(JweHeaders headers, byte[] cek, byte[] iv) {
-        super(headers, new AesGcmContentEncryptionAlgorithm(cek, iv), new DirectKeyEncryptionAlgorithm());
+        this(headers, new AesGcmContentEncryptionAlgorithm(cek, iv));
+    }
+    public DirectKeyJweEncryption(JweHeaders headers, ContentEncryptionAlgorithm ceAlgo)
{
+        super(headers, ceAlgo, new DirectKeyEncryptionAlgorithm());
+    }
+    protected byte[] getProvidedContentEncryptionKey() {
+        return validateCek(super.getProvidedContentEncryptionKey());
+    }
+    private static byte[] validateCek(byte[] cek) {
+        if (cek == null) {
+            // to prevent the cek from being auto-generated which 
+            // does not make sense for the direct key case
+            throw new NullPointerException("CEK must not be null");
+        }
+        return cek;
     }
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/669d9f04/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJweDecryptingFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJweDecryptingFilter.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJweDecryptingFilter.java
index d42d7b2..036fed0 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJweDecryptingFilter.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJweDecryptingFilter.java
@@ -48,7 +48,7 @@ public class AbstractJweDecryptingFilter {
     protected void validateHeaders(JweHeaders headers) {
         // complete
     }
-    public void setDecryption(JweDecryptionProvider decryptor) {
+    public void setDecryptionProvider(JweDecryptionProvider decryptor) {
         this.decryption = decryptor;
     }
     protected JweDecryptionProvider getInitializedDecryption() {

http://git-wip-us.apache.org/repos/asf/cxf/blob/669d9f04/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
index 20848c4..4971c2a 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
@@ -30,6 +30,10 @@ import javax.crypto.Cipher;
 import org.apache.cxf.Bus;
 import org.apache.cxf.bus.spring.SpringBusFactory;
 import org.apache.cxf.jaxrs.client.JAXRSClientFactoryBean;
+import org.apache.cxf.rs.security.oauth2.jwe.AesCbcHmacJweDecryption;
+import org.apache.cxf.rs.security.oauth2.jwe.AesCbcHmacJweEncryption;
+import org.apache.cxf.rs.security.oauth2.jwe.AesWrapKeyDecryptionAlgorithm;
+import org.apache.cxf.rs.security.oauth2.jwe.AesWrapKeyEncryptionAlgorithm;
 import org.apache.cxf.rs.security.oauth2.jws.HmacJwsSignatureProvider;
 import org.apache.cxf.rs.security.oauth2.jws.JwsSignatureProvider;
 import org.apache.cxf.rs.security.oauth2.jwt.Algorithm;
@@ -121,6 +125,42 @@ public class JAXRSJweJwsTest extends AbstractBusClientServerTestBase
{
         assertEquals("book", text);
     }
     
+    @Test
+    public void testJweAesCbcHmac() throws Exception {
+        String address = "https://localhost:" + PORT + "/jweaescbchmac";
+        JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = JAXRSJweJwsTest.class.getResource("client.xml");
+        Bus springBus = bf.createBus(busFile.toString());
+        bean.setBus(springBus);
+        bean.setServiceClass(BookStore.class);
+        bean.setAddress(address);
+        List<Object> providers = new LinkedList<Object>();
+        // writer
+        JweWriterInterceptor jweWriter = new JweWriterInterceptor();
+        //jweWriter.setUseJweOutputStream(true);
+        
+        final String cekEncryptionKey = "GawgguFyGrWKav7AX4VKUg";
+        AesWrapKeyEncryptionAlgorithm keyEncryption = 
+            new AesWrapKeyEncryptionAlgorithm(cekEncryptionKey, Algorithm.A128KW.getJwtName());
+        jweWriter.setEncryptionProvider(new AesCbcHmacJweEncryption(Algorithm.A128KW.getJwtName(),

+                                                                    Algorithm.A128CBC_HS256.getJwtName(),
+                                                                    keyEncryption));
+        
+        // reader 
+        JweClientResponseFilter jweReader = new JweClientResponseFilter();
+        jweReader.setDecryptionProvider(new AesCbcHmacJweDecryption(
+                                    new AesWrapKeyDecryptionAlgorithm(cekEncryptionKey)));
+        
+        providers.add(jweWriter);
+        providers.add(jweReader);
+        bean.setProviders(providers);
+        
+        BookStore bs = bean.create(BookStore.class);
+        String text = bs.echoText("book");
+        assertEquals("book", text);
+    }
+    
     private static class PrivateKeyPasswordProviderImpl implements PrivateKeyPasswordProvider
{
 
         @Override

http://git-wip-us.apache.org/repos/asf/cxf/blob/669d9f04/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml
index f587972..07aad8c 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml
@@ -48,6 +48,31 @@ under the License.
     <bean id="serviceBean" class="org.apache.cxf.systest.jaxrs.security.jwt.BookStore"/>
     <bean id="jweInFilter" class="org.apache.cxf.rs.security.oauth2.jwt.jaxrs.JweContainerRequestFilter"/>
     <bean id="jweOutFilter" class="org.apache.cxf.rs.security.oauth2.jwt.jaxrs.JweWriterInterceptor"/>
+    
+    <bean id="aesWrapEncryptionAlgo" class="org.apache.cxf.rs.security.oauth2.jwe.AesWrapKeyEncryptionAlgorithm">
+        <constructor-arg value="GawgguFyGrWKav7AX4VKUg"/>
+        <constructor-arg value="A128KW"/>
+    </bean>
+    <bean id="aesCbcHmacEncryption" class="org.apache.cxf.rs.security.oauth2.jwe.AesCbcHmacJweEncryption">
+        <constructor-arg value="A128KW"/>
+        <constructor-arg value="A128CBC-HS256"/>
+        <constructor-arg ref="aesWrapEncryptionAlgo"/>
+    </bean>
+    
+    <bean id="aesWrapDecryptionAlgo" class="org.apache.cxf.rs.security.oauth2.jwe.AesWrapKeyDecryptionAlgorithm">
+        <constructor-arg value="GawgguFyGrWKav7AX4VKUg"/>
+    </bean>
+    <bean id="aesCbcHmacDecryption" class="org.apache.cxf.rs.security.oauth2.jwe.AesCbcHmacJweDecryption">
+        <constructor-arg ref="aesWrapDecryptionAlgo"/>
+    </bean>
+    
+    <bean id="jweInAesCbcHmacFilter" class="org.apache.cxf.rs.security.oauth2.jwt.jaxrs.JweContainerRequestFilter">
+        <property name="decryptionProvider" ref="aesCbcHmacDecryption"/>
+    </bean>
+    <bean id="jweOutAesCbcHmacFilter" class="org.apache.cxf.rs.security.oauth2.jwt.jaxrs.JweWriterInterceptor">
+        <property name="encryptionProvider" ref="aesCbcHmacEncryption"/>
+    </bean>
+    
     <bean id="hmacSigVerifier" class="org.apache.cxf.rs.security.oauth2.jws.HmacJwsSignatureProvider">
         <constructor-arg value="AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow"/>
     </bean>
@@ -94,4 +119,13 @@ under the License.
             <entry key="rs.security.decryption.key.password.provider" value-ref="keyPasswordProvider"/>
         </jaxrs:properties>
     </jaxrs:server>
+    <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-jwt}/jweaescbchmac">
+        <jaxrs:serviceBeans>
+            <ref bean="serviceBean"/>
+        </jaxrs:serviceBeans>
+        <jaxrs:providers>
+            <ref bean="jweInAesCbcHmacFilter"/>
+            <ref bean="jweOutAesCbcHmacFilter"/>
+        </jaxrs:providers>
+    </jaxrs:server>
 </beans>


Mime
View raw message