cxf-commits mailing list archives

From serg...@apache.org
Subject git commit: [CXF-5954] Adding JWS RSA and JWE AesHMacCbc JWK system tests
Date Thu, 11 Sep 2014 13:28:22 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes 5085661fa -> e1e837675


[CXF-5954] Adding JWS RSA and JWE AesHMacCbc JWK system tests


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e1e83767
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e1e83767
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e1e83767

Branch: refs/heads/3.0.x-fixes
Commit: e1e8376750a0253d03c484b9a35c7321b1593f1d
Parents: 5085661
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Thu Sep 11 14:23:41 2014 +0100
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Thu Sep 11 14:27:57 2014 +0100

----------------------------------------------------------------------
 .../cxf/rs/security/oauth2/jwt/Algorithm.java   |  5 +++
 .../jwt/jaxrs/AbstractJweDecryptingFilter.java  | 13 ++++--
 .../oauth2/jwt/jaxrs/JweWriterInterceptor.java  | 15 ++++---
 .../jaxrs/security/jwt/JAXRSJweJwsTest.java     | 46 ++++++++++++++++++++
 .../cxf/systest/jaxrs/security/jwt/server.xml   | 25 +++++++++++
 .../systest/jaxrs/security/alice.jwk.properties |  1 +
 .../systest/jaxrs/security/bob.jwk.properties   |  1 -
 .../jaxrs/security/secret.aescbchmac.properties | 20 +++++++++
 8 files changed, 117 insertions(+), 9 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/e1e83767/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/Algorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/Algorithm.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/Algorithm.java
index cef22e6..1f8fa94 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/Algorithm.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/Algorithm.java
@@ -192,4 +192,9 @@ public enum Algorithm {
             || JwtConstants.HMAC_SHA_384_ALGO.equals(algo)
             || JwtConstants.HMAC_SHA_512_ALGO.equals(algo); 
     }
+    public static boolean isAesCbcHmac(String algo) {
+        return JwtConstants.A128CBC_HS256_ALGO.equals(algo)
+            || JwtConstants.A192CBC_HS384_ALGO.equals(algo)
+            || JwtConstants.A256CBC_HS512_ALGO.equals(algo); 
+    }
 }
\ No newline at end of file
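Review bot: `isAesCbcHmac` is added as a public static helper with no Javadoc, and both new callers pass it a property value that may be absent. A short comment would record the contract, for example `/** Returns true if algo is one of the AES-CBC + HMAC-SHA2 content encryption algorithms; a null algo yields false. */`. The null case works today only because the constants are the receivers of `equals`, which is worth stating so a later refactor does not turn a missing property into a NullPointerException.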

http://git-wip-us.apache.org/repos/asf/cxf/blob/e1e83767/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJweDecryptingFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJweDecryptingFilter.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJweDecryptingFilter.java
index 6a484ba..e3356a7 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJweDecryptingFilter.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJweDecryptingFilter.java
@@ -31,6 +31,7 @@ import org.apache.cxf.jaxrs.utils.JAXRSUtils;
 import org.apache.cxf.jaxrs.utils.ResourceUtils;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.message.MessageUtils;
+import org.apache.cxf.rs.security.oauth2.jwe.AesCbcHmacJweDecryption;
 import org.apache.cxf.rs.security.oauth2.jwe.AesGcmWrapKeyDecryptionAlgorithm;
 import org.apache.cxf.rs.security.oauth2.jwe.AesWrapKeyDecryptionAlgorithm;
 import org.apache.cxf.rs.security.oauth2.jwe.JweCryptoProperties;
@@ -48,7 +49,7 @@ import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
 public class AbstractJweDecryptingFilter {
     private static final String RSSEC_ENCRYPTION_IN_PROPS = "rs.security.encryption.in.properties";
     private static final String RSSEC_ENCRYPTION_PROPS = "rs.security.encryption.properties";
-        
+    private static final String JSON_WEB_ENCRYPTION_CEK_ALGO_PROP = "rs.security.jwe.content.encryption.algorithm";
   
     private JweDecryptionProvider decryption;
     private JweCryptoProperties cryptoProperties;
     private String defaultMediaType;
@@ -91,7 +92,6 @@ public class AbstractJweDecryptingFilter {
                     } else if (Algorithm.isAesGcmKeyWrap(jwk.getAlgorithm())) {
                         keyDecryptionProvider = new AesGcmWrapKeyDecryptionAlgorithm(key);
                     } 
-                    // etc
                 } else {
                     // TODO: support elliptic curve keys
                 }
@@ -102,7 +102,14 @@ public class AbstractJweDecryptingFilter {
             if (keyDecryptionProvider == null) {
                 throw new SecurityException();
             }
-            return new WrappedKeyJweDecryption(keyDecryptionProvider, cryptoProperties, null);
+            String contentEncryptionAlgo = props.getProperty(JSON_WEB_ENCRYPTION_CEK_ALGO_PROP);
+            boolean isAesHmac = Algorithm.isAesCbcHmac(contentEncryptionAlgo);
+            if (isAesHmac) { 
+                return new AesCbcHmacJweDecryption(keyDecryptionProvider);
+            } else {
+                return new WrappedKeyJweDecryption(keyDecryptionProvider, cryptoProperties,
null);
+            }
+            
         } catch (SecurityException ex) {
             throw ex;
         } catch (Exception ex) {
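Review bot: The new `AesCbcHmacJweDecryption(keyDecryptionProvider)` branch is built without `cryptoProperties`, while the `WrappedKeyJweDecryption` branch still receives it, so whatever constraints that object carries are presumably not applied when `rs.security.jwe.content.encryption.algorithm` names a CBC-HMAC algorithm. The branch is selected from local configuration only, which avoids trusting the sender's header for the choice, but nothing visible here shows that the incoming `enc` header is compared with the configured value before decryption. If the decryptor cannot accept the properties, a comment on the branch such as `// cryptoProperties are not applied on the AES-CBC-HMAC path` would make the gap explicit. Separately, `JSON_WEB_ENCRYPTION_CEK_ALGO_PROP` appears to duplicate the constant already used in `JweWriterInterceptor`; sharing one definition would keep the two sides from drifting. The enclosing method starts and ends outside the hunk.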

http://git-wip-us.apache.org/repos/asf/cxf/blob/e1e83767/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweWriterInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweWriterInterceptor.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweWriterInterceptor.java
index 46f0de4..a23c74a 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweWriterInterceptor.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweWriterInterceptor.java
@@ -39,6 +39,7 @@ import org.apache.cxf.jaxrs.utils.JAXRSUtils;
 import org.apache.cxf.jaxrs.utils.ResourceUtils;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.message.MessageUtils;
+import org.apache.cxf.rs.security.oauth2.jwe.AesCbcHmacJweEncryption;
 import org.apache.cxf.rs.security.oauth2.jwe.AesGcmWrapKeyEncryptionAlgorithm;
 import org.apache.cxf.rs.security.oauth2.jwe.AesWrapKeyEncryptionAlgorithm;
 import org.apache.cxf.rs.security.oauth2.jwe.JweCompactProducer;
@@ -157,15 +158,19 @@ public class JweWriterInterceptor implements WriterInterceptor {
             if (keyEncryptionAlgo == null) {
                 keyEncryptionAlgo = props.getProperty(JSON_WEB_ENCRYPTION_KEY_ALGO_PROP);
             }
-            
-            JweHeaders headers = new JweHeaders(keyEncryptionAlgo,
-                                                props.getProperty(JSON_WEB_ENCRYPTION_CEK_ALGO_PROP));
+            String contentEncryptionAlgo = props.getProperty(JSON_WEB_ENCRYPTION_CEK_ALGO_PROP);
+            JweHeaders headers = new JweHeaders(keyEncryptionAlgo, contentEncryptionAlgo);
             String compression = props.getProperty(JSON_WEB_ENCRYPTION_ZIP_ALGO_PROP);
             if (compression != null) {
                 headers.setZipAlgorithm(compression);
             }
-            
-            return new WrappedKeyJweEncryption(headers, keyEncryptionProvider);
+            boolean isAesHmac = Algorithm.isAesCbcHmac(contentEncryptionAlgo);
+            if (isAesHmac) { 
+                return new AesCbcHmacJweEncryption(
+                    keyEncryptionAlgo, contentEncryptionAlgo, keyEncryptionProvider);
+            } else {
+                return new WrappedKeyJweEncryption(headers, keyEncryptionProvider);
+            }
         } catch (SecurityException ex) {
             throw ex;
         } catch (Exception ex) {
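Review bot: In the `isAesHmac` branch the `headers` object is discarded, so a `compression` value read from `JSON_WEB_ENCRYPTION_ZIP_ALGO_PROP` and set via `headers.setZipAlgorithm(compression)` never reaches `AesCbcHmacJweEncryption`, which is given only the two algorithm names and the key provider. A deployment that configures compression would silently get uncompressed output on this path, while the `WrappedKeyJweEncryption` path honours it. Either pass the zip setting through (if `AesCbcHmacJweEncryption` offers a way, which is not visible here) or mark the gap where it happens, e.g. `// TODO: "zip" header is not applied on the AES-CBC-HMAC path`. Building `headers` only inside the `else` branch would also make it obvious which path uses it. The enclosing method starts and ends outside the hunk.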

http://git-wip-us.apache.org/repos/asf/cxf/blob/e1e83767/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
index 8d72b8e..b1252fd 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
@@ -124,6 +124,28 @@ public class JAXRSJweJwsTest extends AbstractBusClientServerTestBase
{
         assertEquals("book", text);
     }
     @Test
+    public void testJweJwkAesWrapAndAesCbcHMac() throws Exception {
+        String address = "https://localhost:" + PORT + "/jwejwkaescbchmac";
+        JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = JAXRSJweJwsTest.class.getResource("client.xml");
+        Bus springBus = bf.createBus(busFile.toString());
+        bean.setBus(springBus);
+        bean.setServiceClass(BookStore.class);
+        bean.setAddress(address);
+        List<Object> providers = new LinkedList<Object>();
+        JweWriterInterceptor jweWriter = new JweWriterInterceptor();
+        jweWriter.setUseJweOutputStream(true);
+        providers.add(jweWriter);
+        providers.add(new JweClientResponseFilter());
+        bean.setProviders(providers);
+        bean.getProperties(true).put("rs.security.encryption.properties",
+                                     "org/apache/cxf/systest/jaxrs/security/secret.aescbchmac.properties");
+        BookStore bs = bean.create(BookStore.class);
+        String text = bs.echoText("book");
+        assertEquals("book", text);
+    }
+    @Test
     public void testJweRsaJwsRsa() throws Exception {
         String address = "https://localhost:" + PORT + "/jwejwsrsa";
         doTestJweJwsRsa(address, null);
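Review bot: `testJweJwkAesWrapAndAesCbcHMac` asserts only that `echoText("book")` round-trips, which proves that client and server agree but not that A128CBC-HS256 was the content encryption actually used. If both ends fell back to the other encryption path in the same way, the test could still pass. A stronger system test would also check the `enc` value of the produced JWE header, and a negative case (a payload whose authentication tag has been altered is rejected) would cover the property that makes CBC-HMAC worth having. The same round-trip-only pattern, along with the repeated `JAXRSClientFactoryBean` setup, recurs in `testJwsJwkRSA` in the next hunk; a private helper in the style of the existing `doTestJweJwsRsa` would remove the duplication.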
@@ -182,6 +204,30 @@ public class JAXRSJweJwsTest extends AbstractBusClientServerTestBase
{
         String text = bs.echoText("book");
         assertEquals("book", text);
     }
+    @Test
+    public void testJwsJwkRSA() throws Exception {
+        String address = "https://localhost:" + PORT + "/jwsjwkrsa";
+        JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = JAXRSJweJwsTest.class.getResource("client.xml");
+        Bus springBus = bf.createBus(busFile.toString());
+        bean.setBus(springBus);
+        bean.setServiceClass(BookStore.class);
+        bean.setAddress(address);
+        List<Object> providers = new LinkedList<Object>();
+        JwsWriterInterceptor jwsWriter = new JwsWriterInterceptor();
+        jwsWriter.setUseJwsOutputStream(true);
+        providers.add(jwsWriter);
+        providers.add(new JwsClientResponseFilter());
+        bean.setProviders(providers);
+        bean.getProperties(true).put("rs.security.signature.out.properties", 
+            "org/apache/cxf/systest/jaxrs/security/alice.jwk.properties");
+        bean.getProperties(true).put("rs.security.signature.in.properties",
+            "org/apache/cxf/systest/jaxrs/security/bob.jwk.properties");
+        BookStore bs = bean.create(BookStore.class);
+        String text = bs.echoText("book");
+        assertEquals("book", text);
+    }
     private void doTestJweJwsRsa(String address, 
                                  JwsSignatureProvider jwsSigProvider) throws Exception {
         JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();

http://git-wip-us.apache.org/repos/asf/cxf/blob/e1e83767/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml
index 145846a..ca3a0db 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml
@@ -126,6 +126,18 @@ under the License.
             <entry key="rs.security.encryption.properties" value="org/apache/cxf/systest/jaxrs/security/secret.jwk.properties"/>
         </jaxrs:properties>
     </jaxrs:server>
+    <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-jwt}/jwejwkaescbchmac">
+        <jaxrs:serviceBeans>
+            <ref bean="serviceBean"/>
+        </jaxrs:serviceBeans>
+        <jaxrs:providers>
+            <ref bean="jweInFilter"/>
+            <ref bean="jweOutFilter"/>
+        </jaxrs:providers>
+        <jaxrs:properties>
+            <entry key="rs.security.encryption.properties" value="org/apache/cxf/systest/jaxrs/security/secret.aescbchmac.properties"/>
+        </jaxrs:properties>
+    </jaxrs:server>
     <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-jwt}/jwejwshmac">
         <jaxrs:serviceBeans>
             <ref bean="serviceBean"/>
@@ -169,6 +181,19 @@ under the License.
             <entry key="rs.security.signature.out.properties" value="org/apache/cxf/systest/jaxrs/security/jws.ec.private.properties"/>
         </jaxrs:properties>
     </jaxrs:server>
+    <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-jwt}/jwsjwkrsa">
+        <jaxrs:serviceBeans>
+            <ref bean="serviceBean"/>
+        </jaxrs:serviceBeans>
+        <jaxrs:providers>
+            <ref bean="jwsInFilter"/>
+            <ref bean="jwsOutFilter"/>
+        </jaxrs:providers>
+        <jaxrs:properties>
+            <entry key="rs.security.signature.in.properties" value="org/apache/cxf/systest/jaxrs/security/bob.jwk.properties"/>
+            <entry key="rs.security.signature.out.properties" value="org/apache/cxf/systest/jaxrs/security/alice.jwk.properties"/>
+        </jaxrs:properties>
+    </jaxrs:server>
     <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-jwt}/jweaescbchmac">
         <jaxrs:serviceBeans>
             <ref bean="serviceBean"/>

http://git-wip-us.apache.org/repos/asf/cxf/blob/e1e83767/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/alice.jwk.properties
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/alice.jwk.properties
b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/alice.jwk.properties
index cab78a1..e36c3f3 100644
--- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/alice.jwk.properties
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/alice.jwk.properties
@@ -19,3 +19,4 @@ rs.security.keystore.alias=2011-04-29
 rs.security.keystore.file=org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt
 rs.security.jwe.content.encryption.algorithm=A128GCM
 rs.security.jwe.key.encryption.algorithm=RSA-OAEP
+rs.security.jws.content.signature.algorithm=RS256

http://git-wip-us.apache.org/repos/asf/cxf/blob/e1e83767/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bob.jwk.properties
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bob.jwk.properties
b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bob.jwk.properties
index 16aabf0..8d43f81 100644
--- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bob.jwk.properties
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bob.jwk.properties
@@ -21,4 +21,3 @@ rs.security.keystore.alias=2011-04-29
 rs.security.keystore.file=org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt
 rs.security.jwe.content.encryption.algorithm=A128GCM
 rs.security.jwe.key.encryption.algorithm=RSA-OAEP
-

http://git-wip-us.apache.org/repos/asf/cxf/blob/e1e83767/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.aescbchmac.properties
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.aescbchmac.properties
b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.aescbchmac.properties
new file mode 100644
index 0000000..eaddbf0
--- /dev/null
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.aescbchmac.properties
@@ -0,0 +1,20 @@
+#    Licensed to the Apache Software Foundation (ASF) under one
+#    or more contributor license agreements. See the NOTICE file
+#    distributed with this work for additional information
+#    regarding copyright ownership. The ASF licenses this file
+#    to you under the Apache License, Version 2.0 (the
+#    "License"); you may not use this file except in compliance
+#    with the License. You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing,
+#    software distributed under the License is distributed on an
+#    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+#    KIND, either express or implied. See the License for the
+#    specific language governing permissions and limitations
+#    under the License.
+rs.security.keystore.type=jwk
+rs.security.keystore.alias.jwe=AesWrapKey
+rs.security.keystore.file=org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt
+rs.security.jwe.content.encryption.algorithm=A128CBC-HS256

