From serg...@apache.org
Subject git commit: [CXF-5954] Adding a system test with JWK AesWrap
Date Fri, 05 Sep 2014 16:39:28 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 640113292 -> 21a099e9b


[CXF-5954] Adding a system test with JWK AesWrap


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/21a099e9
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/21a099e9
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/21a099e9

Branch: refs/heads/master
Commit: 21a099e9b66964ff6f41786272c16652c6e209ed
Parents: 6401132
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Fri Sep 5 17:39:09 2014 +0100
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Fri Sep 5 17:39:09 2014 +0100

----------------------------------------------------------------------
 .../oauth2/jwe/ContentEncryptionAlgorithm.java  |  2 +-
 .../jwe/ContentEncryptionCipherProperties.java  |  2 +-
 .../oauth2/jwe/KeyEncryptionAlgorithm.java      |  2 +-
 .../cxf/rs/security/oauth2/jwk/JsonWebKey.java  |  7 ++++
 .../jwt/jaxrs/AbstractJweDecryptingFilter.java  | 28 ++++++++++++---
 .../oauth2/jwt/jaxrs/JweWriterInterceptor.java  | 38 ++++++++++++++------
 .../oauth2/utils/crypto/CryptoUtils.java        | 34 +++++++++---------
 .../jaxrs/security/jwt/JAXRSJweJwsTest.java     | 26 ++++++++++++--
 .../cxf/systest/jaxrs/security/jwt/server.xml   | 14 +++++++-
 .../jaxrs/security/certs/jwkPrivateSet.txt      |  7 +++-
 .../jaxrs/security/secret.jwk.properties        | 21 +++++++++++
 11 files changed, 143 insertions(+), 38 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/21a099e9/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/ContentEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/ContentEncryptionAlgorithm.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/ContentEncryptionAlgorithm.java
index 1fcf25c..e76f8c9 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/ContentEncryptionAlgorithm.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/ContentEncryptionAlgorithm.java
@@ -20,7 +20,7 @@ package org.apache.cxf.rs.security.oauth2.jwe;
 
 
 
-interface ContentEncryptionAlgorithm extends ContentEncryptionCipherProperties {
+public interface ContentEncryptionAlgorithm extends ContentEncryptionCipherProperties {
     byte[] getInitVector();
     byte[] getContentEncryptionKey(JweHeaders headers);
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/21a099e9/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/ContentEncryptionCipherProperties.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/ContentEncryptionCipherProperties.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/ContentEncryptionCipherProperties.java
index 6cbe869..aae888a 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/ContentEncryptionCipherProperties.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/ContentEncryptionCipherProperties.java
@@ -21,7 +21,7 @@ package org.apache.cxf.rs.security.oauth2.jwe;
 import java.security.spec.AlgorithmParameterSpec;
 
 
-interface ContentEncryptionCipherProperties {
+public interface ContentEncryptionCipherProperties {
     byte[] getAdditionalAuthenticationData(String headersJson);
     AlgorithmParameterSpec getAlgorithmParameterSpec(byte[] iv);
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/21a099e9/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/KeyEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/KeyEncryptionAlgorithm.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/KeyEncryptionAlgorithm.java
index 2bc4d16..55c066e 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/KeyEncryptionAlgorithm.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/KeyEncryptionAlgorithm.java
@@ -19,6 +19,6 @@
 package org.apache.cxf.rs.security.oauth2.jwe;
 
 
-interface KeyEncryptionAlgorithm {
+public interface KeyEncryptionAlgorithm {
     byte[] getEncryptedContentEncryptionKey(JweHeaders headers, byte[] cek);
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/21a099e9/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwk/JsonWebKey.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwk/JsonWebKey.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwk/JsonWebKey.java
index 7e3e7a1..4131b46 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwk/JsonWebKey.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwk/JsonWebKey.java
@@ -23,8 +23,11 @@ import java.security.interfaces.RSAPublicKey;
 import java.util.List;
 import java.util.Map;
 
+import javax.crypto.SecretKey;
+
 import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.rs.security.oauth2.jwt.AbstractJwtObject;
+import org.apache.cxf.rs.security.oauth2.jwt.Algorithm;
 import org.apache.cxf.rs.security.oauth2.jwt.JwtConstants;
 import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
 
@@ -187,5 +190,9 @@ public class JsonWebKey extends AbstractJwtObject {
                                                 encodedCrtCoefficient);
         }
     }
+    public SecretKey toSecretKey() {
+        return CryptoUtils.createSecretKeySpec((String)getProperty(OCTET_KEY_VALUE), 
+                                               Algorithm.toJavaName(getAlgorithm()));
+    }
     
 }
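Review bot: The added `toSecretKey()` converts whatever the JWK holds without checking that it is a symmetric key: nothing verifies that `kty` is `oct`, that `k` is present, or that the optional `alg` member is set. On an RSA entry, or an octet key without `alg`, the failure would presumably surface inside `decodeSequence` or `Algorithm.toJavaName` (neither is visible here) instead of as a clear rejection. A guard such as `if (!KEY_TYPE_OCTET.equals(getKeyType()) || getProperty(OCTET_KEY_VALUE) == null) { throw new SecurityException(); }` would make the contract explicit. The decoded length is also never compared with what the algorithm requires (16 bytes for A128KW). A short Javadoc should state that the method returns raw secret key material and is valid only for `oct` keys.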

http://git-wip-us.apache.org/repos/asf/cxf/blob/21a099e9/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJweDecryptingFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJweDecryptingFilter.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJweDecryptingFilter.java
index 34da71e..a7d5fd8 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJweDecryptingFilter.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJweDecryptingFilter.java
@@ -23,19 +23,25 @@ import java.io.InputStream;
 import java.security.interfaces.RSAPrivateKey;
 import java.util.Properties;
 
+import javax.crypto.SecretKey;
+
 import org.apache.cxf.Bus;
 import org.apache.cxf.helpers.IOUtils;
 import org.apache.cxf.jaxrs.utils.JAXRSUtils;
 import org.apache.cxf.jaxrs.utils.ResourceUtils;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.message.MessageUtils;
+import org.apache.cxf.rs.security.oauth2.jwe.AesWrapKeyDecryptionAlgorithm;
 import org.apache.cxf.rs.security.oauth2.jwe.JweCryptoProperties;
 import org.apache.cxf.rs.security.oauth2.jwe.JweDecryptionOutput;
 import org.apache.cxf.rs.security.oauth2.jwe.JweDecryptionProvider;
 import org.apache.cxf.rs.security.oauth2.jwe.JweHeaders;
+import org.apache.cxf.rs.security.oauth2.jwe.RSAOaepKeyDecryptionAlgorithm;
+import org.apache.cxf.rs.security.oauth2.jwe.WrappedKeyDecryptionAlgorithm;
 import org.apache.cxf.rs.security.oauth2.jwe.WrappedKeyJweDecryption;
 import org.apache.cxf.rs.security.oauth2.jwk.JsonWebKey;
 import org.apache.cxf.rs.security.oauth2.jwk.JwkUtils;
+import org.apache.cxf.rs.security.oauth2.jwt.Algorithm;
 import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
 
 public class AbstractJweDecryptingFilter {
@@ -70,17 +76,29 @@ public class AbstractJweDecryptingFilter {
         }
         Bus bus = m.getExchange().getBus();
         try {
-            RSAPrivateKey pk = null;
+            WrappedKeyDecryptionAlgorithm keyDecryptionProvider = null;
             Properties props = ResourceUtils.loadProperties(propLoc, bus);
             if (JwkUtils.JWK_KEY_STORE_TYPE.equals(props.get(CryptoUtils.RSSEC_KEY_STORE_TYPE)))
{
                 //TODO: Private JWK sets can be JWE encrypted
                 JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props);
-                pk = jwk.toRSAPrivateKey();
+                if (JsonWebKey.KEY_TYPE_RSA.equals(jwk.getKeyType())) {
+                    keyDecryptionProvider = new RSAOaepKeyDecryptionAlgorithm(jwk.toRSAPrivateKey());
+                } else if (JsonWebKey.KEY_TYPE_OCTET.equals(jwk.getKeyType())) {
+                    SecretKey key = jwk.toSecretKey();
+                    // TODO: Introduce an algo family check
+                    if (Algorithm.A128KW.getJwtName().equals(jwk.getAlgorithm())) {
+                        keyDecryptionProvider = new AesWrapKeyDecryptionAlgorithm(key);
+                    }
+                    // etc
+                } else {
+                    // TODO: support elliptic curve keys
+                    throw new SecurityException();
+                }
             } else {
-                pk = (RSAPrivateKey)CryptoUtils.loadPrivateKey(m, props, 
-                                                              CryptoUtils.RSSEC_DECRYPT_KEY_PSWD_PROVIDER);
+                keyDecryptionProvider = new RSAOaepKeyDecryptionAlgorithm(
+                    (RSAPrivateKey)CryptoUtils.loadPrivateKey(m, props, CryptoUtils.RSSEC_DECRYPT_KEY_PSWD_PROVIDER));
             }
-            return new WrappedKeyJweDecryption(pk, cryptoProperties);
+            return new WrappedKeyJweDecryption(keyDecryptionProvider, cryptoProperties, null);
         } catch (SecurityException ex) {
             throw ex;
         } catch (Exception ex) {
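Review bot: An octet JWK whose `alg` is anything other than `A128KW` leaves `keyDecryptionProvider` null, and that null is then passed to `new WrappedKeyJweDecryption(keyDecryptionProvider, cryptoProperties, null)`. The `// etc` path should fail closed the way the elliptic-curve branch does, for example by adding `else { throw new SecurityException(); }` to the inner `if`; as written, a misconfigured key presumably shows up only later as a null dereference during decryption. The RSA branch likewise wraps the key in `RSAOaepKeyDecryptionAlgorithm` without looking at the JWK's `alg`, so the planned algorithm-family check is needed there too. The same null-provider path exists in the matching hunk of JweWriterInterceptor. The enclosing method starts and ends outside this hunk.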

http://git-wip-us.apache.org/repos/asf/cxf/blob/21a099e9/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweWriterInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweWriterInterceptor.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweWriterInterceptor.java
index 52e36be..ac3338b 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweWriterInterceptor.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweWriterInterceptor.java
@@ -26,6 +26,7 @@ import java.util.Properties;
 import java.util.zip.DeflaterOutputStream;
 
 import javax.annotation.Priority;
+import javax.crypto.SecretKey;
 import javax.ws.rs.WebApplicationException;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.ext.WriterInterceptor;
@@ -38,15 +39,18 @@ import org.apache.cxf.jaxrs.utils.JAXRSUtils;
 import org.apache.cxf.jaxrs.utils.ResourceUtils;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.message.MessageUtils;
+import org.apache.cxf.rs.security.oauth2.jwe.AesWrapKeyEncryptionAlgorithm;
 import org.apache.cxf.rs.security.oauth2.jwe.JweCompactProducer;
 import org.apache.cxf.rs.security.oauth2.jwe.JweEncryptionProvider;
 import org.apache.cxf.rs.security.oauth2.jwe.JweEncryptionState;
 import org.apache.cxf.rs.security.oauth2.jwe.JweHeaders;
 import org.apache.cxf.rs.security.oauth2.jwe.JweOutputStream;
+import org.apache.cxf.rs.security.oauth2.jwe.KeyEncryptionAlgorithm;
 import org.apache.cxf.rs.security.oauth2.jwe.RSAOaepKeyEncryptionAlgorithm;
 import org.apache.cxf.rs.security.oauth2.jwe.WrappedKeyJweEncryption;
 import org.apache.cxf.rs.security.oauth2.jwk.JsonWebKey;
 import org.apache.cxf.rs.security.oauth2.jwk.JwkUtils;
+import org.apache.cxf.rs.security.oauth2.jwt.Algorithm;
 import org.apache.cxf.rs.security.oauth2.jwt.JwtHeadersWriter;
 import org.apache.cxf.rs.security.oauth2.jwt.JwtTokenReaderWriter;
 import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
@@ -119,29 +123,43 @@ public class JweWriterInterceptor implements WriterInterceptor {
         }
         Bus bus = m.getExchange().getBus();
         try {
-            RSAPublicKey pk = null;
-            String rsaKeyEncryptionAlgo = null;
-            
+            KeyEncryptionAlgorithm keyEncryptionProvider = null;
+            String keyEncryptionAlgo = null;
             Properties props = ResourceUtils.loadProperties(propLoc, bus);
             if (JwkUtils.JWK_KEY_STORE_TYPE.equals(props.get(CryptoUtils.RSSEC_KEY_STORE_TYPE)))
{
                 JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props);
-                pk = jwk.toRSAPublicKey();
-                rsaKeyEncryptionAlgo = jwk.getAlgorithm();
+                keyEncryptionAlgo = jwk.getAlgorithm();
+                // TODO: Put it into some factory code
+                if (JsonWebKey.KEY_TYPE_RSA.equals(jwk.getKeyType())) {
+                    keyEncryptionProvider = new RSAOaepKeyEncryptionAlgorithm(jwk.toRSAPublicKey());
+                } else if (JsonWebKey.KEY_TYPE_OCTET.equals(jwk.getKeyType())) {
+                    SecretKey key = jwk.toSecretKey();
+                    // TODO: Introduce an algo family check
+                    if (Algorithm.A128KW.getJwtName().equals(keyEncryptionAlgo)) {
+                        keyEncryptionProvider = new AesWrapKeyEncryptionAlgorithm(key, keyEncryptionAlgo);
+                    }
+                    // etc
+                } else {
+                    // TODO: support elliptic curve keys
+                    throw new SecurityException();
+                }
+                
             } else {
-                pk = (RSAPublicKey)CryptoUtils.loadPublicKey(m, props);
+                keyEncryptionProvider = new RSAOaepKeyEncryptionAlgorithm(
+                    (RSAPublicKey)CryptoUtils.loadPublicKey(m, props));
             }
-            if (rsaKeyEncryptionAlgo == null) {
-                rsaKeyEncryptionAlgo = props.getProperty(JSON_WEB_ENCRYPTION_KEY_ALGO_PROP);
+            if (keyEncryptionAlgo == null) {
+                keyEncryptionAlgo = props.getProperty(JSON_WEB_ENCRYPTION_KEY_ALGO_PROP);
             }
             
-            JweHeaders headers = new JweHeaders(rsaKeyEncryptionAlgo,
+            JweHeaders headers = new JweHeaders(keyEncryptionAlgo,
                                                 props.getProperty(JSON_WEB_ENCRYPTION_CEK_ALGO_PROP));
             String compression = props.getProperty(JSON_WEB_ENCRYPTION_ZIP_ALGO_PROP);
             if (compression != null) {
                 headers.setZipAlgorithm(compression);
             }
             
-            return new WrappedKeyJweEncryption(headers, new RSAOaepKeyEncryptionAlgorithm((RSAPublicKey)pk));
+            return new WrappedKeyJweEncryption(headers, keyEncryptionProvider);
         } catch (SecurityException ex) {
             throw ex;
         } catch (Exception ex) {
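Review bot: The fallback to `JSON_WEB_ENCRYPTION_KEY_ALGO_PROP` runs only after the key-type dispatch, so an octet JWK that carries no `alg` is compared against null in `Algorithm.A128KW.getJwtName().equals(keyEncryptionAlgo)`. No provider is then selected, even when the properties file names the algorithm. Resolving the algorithm from both sources first and dispatching on the key type afterwards would let the JWK and the property feed the same check. A comment stating which source wins when the JWK `alg` and the property disagree would also help, since the `JweHeaders` value and the chosen provider must describe the same algorithm. The method body continues outside the hunk.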

http://git-wip-us.apache.org/repos/asf/cxf/blob/21a099e9/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtils.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtils.java
index dc2fef3..9519afc 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtils.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtils.java
@@ -107,8 +107,8 @@ public final class CryptoUtils {
     public static RSAPublicKey getRSAPublicKey(String encodedModulus,
                                                String encodedPublicExponent) {
         try {
-            return getRSAPublicKey(Base64UrlUtility.decode(encodedModulus),
-                                   Base64UrlUtility.decode(encodedPublicExponent));
+            return getRSAPublicKey(decodeSequence(encodedModulus),
+                                   decodeSequence(encodedPublicExponent));
         } catch (Exception ex) { 
             throw new SecurityException(ex);
         }
@@ -281,8 +281,8 @@ public final class CryptoUtils {
     public static RSAPrivateKey getRSAPrivateKey(String encodedModulus,
                                                  String encodedPrivateExponent) {
         try {
-            return getRSAPrivateKey(Base64UrlUtility.decode(encodedModulus),
-                                    Base64UrlUtility.decode(encodedPrivateExponent));
+            return getRSAPrivateKey(decodeSequence(encodedModulus),
+                                    decodeSequence(encodedPrivateExponent));
         } catch (Exception ex) { 
             throw new SecurityException(ex);
         }
@@ -311,14 +311,14 @@ public final class CryptoUtils {
                                                  String encodedCrtCoefficient) {
     //CHECKSTYLE:ON
         try {
-            return getRSAPrivateKey(Base64UrlUtility.decode(encodedModulus),
-                                    Base64UrlUtility.decode(encodedPublicExponent),
-                                    Base64UrlUtility.decode(encodedPrivateExponent),
-                                    Base64UrlUtility.decode(encodedPrimeP),
-                                    Base64UrlUtility.decode(encodedPrimeQ),
-                                    Base64UrlUtility.decode(encodedPrimeExpP),
-                                    Base64UrlUtility.decode(encodedPrimeExpQ),
-                                    Base64UrlUtility.decode(encodedCrtCoefficient));
+            return getRSAPrivateKey(decodeSequence(encodedModulus),
+                                    decodeSequence(encodedPublicExponent),
+                                    decodeSequence(encodedPrivateExponent),
+                                    decodeSequence(encodedPrimeP),
+                                    decodeSequence(encodedPrimeQ),
+                                    decodeSequence(encodedPrimeExpP),
+                                    decodeSequence(encodedPrimeExpQ),
+                                    decodeSequence(encodedCrtCoefficient));
         } catch (Exception ex) { 
             throw new SecurityException(ex);
         }
@@ -359,7 +359,7 @@ public final class CryptoUtils {
     
     public static ECPrivateKey getECPrivateKey(String encodedPrivateKey) {
         try {
-            return getECPrivateKey(Base64UrlUtility.decode(encodedPrivateKey));
+            return getECPrivateKey(decodeSequence(encodedPrivateKey));
         } catch (Exception ex) { 
             throw new SecurityException(ex);
         }
@@ -386,8 +386,8 @@ public final class CryptoUtils {
     
     public static ECPublicKey getECPublicKey(String encodedXPoint, String encodedYPoint)
{
         try {
-            return getECPublicKey(Base64UrlUtility.decode(encodedXPoint),
-                                  Base64UrlUtility.decode(encodedYPoint));
+            return getECPublicKey(decodeSequence(encodedXPoint),
+                                  decodeSequence(encodedYPoint));
         } catch (Exception ex) { 
             throw new SecurityException(ex);
         }
@@ -736,10 +736,12 @@ public final class CryptoUtils {
         return createSecretKeySpec(descryptedBytes, secretKeyAlgo);
     }
     
+    public static SecretKey createSecretKeySpec(String encodedBytes, String algo) {
+        return new SecretKeySpec(decodeSequence(encodedBytes), algo);
+    }
     public static SecretKey createSecretKeySpec(byte[] bytes, String algo) {
         return new SecretKeySpec(bytes, convertJCECipherToSecretKeyName(algo));
     }
-    
     public static byte[] decodeSequence(String encodedSequence) throws SecurityException
{
         try {
             return Base64UrlUtility.decode(encodedSequence);
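Review bot: The new `createSecretKeySpec(String, String)` overload hands `algo` to `SecretKeySpec` unchanged, while the existing `byte[]` overload directly below it maps the name through `convertJCECipherToSecretKeyName(algo)`. Two overloads with the same name should not disagree on the algorithm name the resulting key reports. If the difference is not intentional, delegate with `return createSecretKeySpec(decodeSequence(encodedBytes), algo);`. If it is intentional, a one-line comment saying why is needed, plus Javadoc noting that `encodedBytes` is base64url-encoded key material. The hunk ends inside `decodeSequence`, so that method is not reviewed here.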

http://git-wip-us.apache.org/repos/asf/cxf/blob/21a099e9/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
index d339a3e..85bcf36 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
@@ -78,8 +78,8 @@ public class JAXRSJweJwsTest extends AbstractBusClientServerTestBase {
         Security.removeProvider(BouncyCastleProvider.class.getName());    
     }
     @Test
-    public void testJweJwk() throws Exception {
-        String address = "https://localhost:" + PORT + "/jwejwk";
+    public void testJweJwkRSA() throws Exception {
+        String address = "https://localhost:" + PORT + "/jwejwkrsa";
         JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
         SpringBusFactory bf = new SpringBusFactory();
         URL busFile = JAXRSJweJwsTest.class.getResource("client.xml");
@@ -102,6 +102,28 @@ public class JAXRSJweJwsTest extends AbstractBusClientServerTestBase
{
         assertEquals("book", text);
     }
     @Test
+    public void testJweJwkAesWrap() throws Exception {
+        String address = "https://localhost:" + PORT + "/jwejwkaeswrap";
+        JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = JAXRSJweJwsTest.class.getResource("client.xml");
+        Bus springBus = bf.createBus(busFile.toString());
+        bean.setBus(springBus);
+        bean.setServiceClass(BookStore.class);
+        bean.setAddress(address);
+        List<Object> providers = new LinkedList<Object>();
+        JweWriterInterceptor jweWriter = new JweWriterInterceptor();
+        jweWriter.setUseJweOutputStream(true);
+        providers.add(jweWriter);
+        providers.add(new JweClientResponseFilter());
+        bean.setProviders(providers);
+        bean.getProperties(true).put("rs.security.encryption.properties",
+                                     "org/apache/cxf/systest/jaxrs/security/secret.jwk.properties");
+        BookStore bs = bean.create(BookStore.class);
+        String text = bs.echoText("book");
+        assertEquals("book", text);
+    }
+    @Test
     public void testJweRsaJwsRsa() throws Exception {
         String address = "https://localhost:" + PORT + "/jwejwsrsa";
         doTestJweJwsRsa(address, null);
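Review bot: `testJweJwkAesWrap` covers only the successful round trip and, as far as the previous hunk shows, repeats the client set-up of `testJweJwkRSA` almost line for line. A shared helper taking the address and the properties location, in the style of the existing `doTestJweJwsRsa(address, null)`, would remove the duplication. A companion negative test would pin the failure behaviour of the new key-type branches, for instance an octet JWK that names an unsupported `alg`, or a client configured with a different wrapping key than the server. Without one, a regression that silently accepts or mis-handles such input would go unnoticed.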

http://git-wip-us.apache.org/repos/asf/cxf/blob/21a099e9/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml
index 55bf214..eaa9949 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml
@@ -101,7 +101,7 @@ under the License.
             <entry key="rs.security.decryption.key.password.provider" value-ref="keyPasswordProvider"/>
         </jaxrs:properties>
     </jaxrs:server>
-    <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-jwt}/jwejwk">
+    <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-jwt}/jwejwkrsa">
         <jaxrs:serviceBeans>
             <ref bean="serviceBean"/>
         </jaxrs:serviceBeans>
@@ -114,6 +114,18 @@ under the License.
             <entry key="rs.security.encryption.out.properties" value="org/apache/cxf/systest/jaxrs/security/bob.jwk.properties"/>
         </jaxrs:properties>
     </jaxrs:server>
+    <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-jwt}/jwejwkaeswrap">
+        <jaxrs:serviceBeans>
+            <ref bean="serviceBean"/>
+        </jaxrs:serviceBeans>
+        <jaxrs:providers>
+            <ref bean="jweInFilter"/>
+            <ref bean="jweOutFilter"/>
+        </jaxrs:providers>
+        <jaxrs:properties>
+            <entry key="rs.security.encryption.properties" value="org/apache/cxf/systest/jaxrs/security/secret.jwk.properties"/>
+        </jaxrs:properties>
+    </jaxrs:server>
     <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-jwt}/jwejwshmac">
         <jaxrs:serviceBeans>
             <ref bean="serviceBean"/>

http://git-wip-us.apache.org/repos/asf/cxf/blob/21a099e9/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt
b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt
index cc336cc..491e57b 100644
--- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt
@@ -4,6 +4,11 @@
           "n":"oahUIoWw0K0usKNuOR6H4wkf4oBUXHTxRvgb48E-BVvxkeDNjbC4he8rUWcJoZmds2h7M70imEVhRU5djINXtqllXI4DFqcI1DgjT9LewND8MW2Krf3Spsk_ZkoFnilakGygTwpZ3uesH-PFABNIUYpOiN15dsQRkgr0vEhxN92i2asbOenSZeyaxziK72UwxrrKoExv6kc5twXTq4h-QChLOln0_mtUZwfsRaMStPs6mS6XrgxnxbWhojf663tuEQueGC-FCMfra36C9knDFGzKsNa7LZK2djYgyD3JR_MB_4NUJW_TqOQtwHYbxevoJArm-L5StowjzGy-_bq6Gw",
           "e":"AQAB",
           "d":"kLdtIj6GbDks_ApCSTYQtelcNttlKiOyPzMrXHeI-yk1F7-kpDxY4-WY5NWV5KntaEeXS1j82E375xxhWMHXyvjYecPT9fpwR_M9gV8n9Hrh2anTpTD93Dt62ypW3yDsJzBnTnrYu1iwWRgBKrEYY46qAZIrA2xAwnm2X7uGR1hghkqDp0Vqj3kbSCz1XyfCs6_LehBwtxHIyh8Ripy40p24moOAbgxVw3rxT_vlt3UVe4WO3JkJOzlpUf-KTVI2Ptgm-dARxTEtE-id-4OJr0h-K-VFs3VSndVTIznSxfyrj8ILL6MG_Uv8YAu7VILSB3lOW085-4qE3DzgrTjgyQ",
-          "kid":"2011-04-29"}
+          "kid":"2011-04-29"},
+          
+         {"kty":"oct",
+          "alg":"A128KW",
+          "k":"GawgguFyGrWKav7AX4VKUg",
+          "kid":"AesWrapKey"} 
        ]
      }

http://git-wip-us.apache.org/repos/asf/cxf/blob/21a099e9/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.jwk.properties
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.jwk.properties
b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.jwk.properties
new file mode 100644
index 0000000..2016b2d
--- /dev/null
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.jwk.properties
@@ -0,0 +1,21 @@
+#    Licensed to the Apache Software Foundation (ASF) under one
+#    or more contributor license agreements. See the NOTICE file
+#    distributed with this work for additional information
+#    regarding copyright ownership. The ASF licenses this file
+#    to you under the Apache License, Version 2.0 (the
+#    "License"); you may not use this file except in compliance
+#    with the License. You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing,
+#    software distributed under the License is distributed on an
+#    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+#    KIND, either express or implied. See the License for the
+#    specific language governing permissions and limitations
+#    under the License.
+rs.security.keystore.type=jwk
+rs.security.keystore.alias=AesWrapKey
+rs.security.keystore.file=org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt
+rs.security.jwe.content.encryption.algorithm=A128GCM
+rs.security.jwe.key.encryption.algorithm=A128KW

