From: sergeyb@apache.org To: commits@cxf.apache.org Message-Id: X-Mailer: ASF-Git Admin Mailer Subject: git commit: [CXF-5954] Adding a system test with JWK AesWrap Date: Fri, 5 Sep 2014 16:39:28 +0000 (UTC) Repository: cxf Updated Branches: refs/heads/master 640113292 -> 21a099e9b [CXF-5954] Adding a system test with JWK AesWrap Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/21a099e9 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/21a099e9 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/21a099e9 Branch: refs/heads/master Commit: 21a099e9b66964ff6f41786272c16652c6e209ed Parents: 6401132 Author: Sergey Beryozkin Authored: Fri Sep 5 17:39:09 2014 +0100 Committer: Sergey Beryozkin Committed: Fri Sep 5 17:39:09 2014 +0100 ---------------------------------------------------------------------- .../oauth2/jwe/ContentEncryptionAlgorithm.java | 2 +- .../jwe/ContentEncryptionCipherProperties.java | 2 +- .../oauth2/jwe/KeyEncryptionAlgorithm.java | 2 +- .../cxf/rs/security/oauth2/jwk/JsonWebKey.java | 7 ++++ .../jwt/jaxrs/AbstractJweDecryptingFilter.java | 28 ++++++++++++--- .../oauth2/jwt/jaxrs/JweWriterInterceptor.java | 38 ++++++++++++++------ .../oauth2/utils/crypto/CryptoUtils.java | 34 +++++++++--------- .../jaxrs/security/jwt/JAXRSJweJwsTest.java | 26 ++++++++++++-- .../cxf/systest/jaxrs/security/jwt/server.xml | 14 +++++++- .../jaxrs/security/certs/jwkPrivateSet.txt | 7 +++- .../jaxrs/security/secret.jwk.properties | 21 +++++++++++ 11 files changed, 143 insertions(+), 38 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/21a099e9/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/ContentEncryptionAlgorithm.java ---------------------------------------------------------------------- 
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/ContentEncryptionAlgorithm.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/ContentEncryptionAlgorithm.java
index 1fcf25c..e76f8c9 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/ContentEncryptionAlgorithm.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/ContentEncryptionAlgorithm.java
@@ -20,7 +20,7 @@ package org.apache.cxf.rs.security.oauth2.jwe;
-interface ContentEncryptionAlgorithm extends ContentEncryptionCipherProperties {
+public interface ContentEncryptionAlgorithm extends ContentEncryptionCipherProperties {
 byte[] getInitVector();
 byte[] getContentEncryptionKey(JweHeaders headers);
 }
http://git-wip-us.apache.org/repos/asf/cxf/blob/21a099e9/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/ContentEncryptionCipherProperties.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/ContentEncryptionCipherProperties.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/ContentEncryptionCipherProperties.java
index 6cbe869..aae888a 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/ContentEncryptionCipherProperties.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/ContentEncryptionCipherProperties.java
@@ -21,7 +21,7 @@ package org.apache.cxf.rs.security.oauth2.jwe;
 import java.security.spec.AlgorithmParameterSpec;
-interface ContentEncryptionCipherProperties {
+public interface ContentEncryptionCipherProperties {
 byte[] getAdditionalAuthenticationData(String headersJson);
 AlgorithmParameterSpec getAlgorithmParameterSpec(byte[] iv);
 }
http://git-wip-us.apache.org/repos/asf/cxf/blob/21a099e9/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/KeyEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/KeyEncryptionAlgorithm.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/KeyEncryptionAlgorithm.java
index 2bc4d16..55c066e 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/KeyEncryptionAlgorithm.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/KeyEncryptionAlgorithm.java
@@ -19,6 +19,6 @@ package org.apache.cxf.rs.security.oauth2.jwe;
-interface KeyEncryptionAlgorithm {
+public interface KeyEncryptionAlgorithm {
 byte[] getEncryptedContentEncryptionKey(JweHeaders headers, byte[] cek);
 }
http://git-wip-us.apache.org/repos/asf/cxf/blob/21a099e9/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwk/JsonWebKey.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwk/JsonWebKey.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwk/JsonWebKey.java
index 7e3e7a1..4131b46 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwk/JsonWebKey.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwk/JsonWebKey.java
@@ -23,8 +23,11 @@ import java.security.interfaces.RSAPublicKey;
 import java.util.List;
 import java.util.Map;
+import javax.crypto.SecretKey;
+
 import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.rs.security.oauth2.jwt.AbstractJwtObject;
+import org.apache.cxf.rs.security.oauth2.jwt.Algorithm;
 import org.apache.cxf.rs.security.oauth2.jwt.JwtConstants;
 import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
@@ -187,5 +190,9 @@ public class JsonWebKey extends AbstractJwtObject {
 encodedCrtCoefficient);
 }
 }
+ public SecretKey toSecretKey() {
+ return CryptoUtils.createSecretKeySpec((String)getProperty(OCTET_KEY_VALUE),
+ Algorithm.toJavaName(getAlgorithm()));
+ }
 }
http://git-wip-us.apache.org/repos/asf/cxf/blob/21a099e9/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJweDecryptingFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJweDecryptingFilter.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJweDecryptingFilter.java
index 34da71e..a7d5fd8 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJweDecryptingFilter.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJweDecryptingFilter.java
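Review bot: `toSecretKey()` dereferences two members it never checks: the value of `getProperty(OCTET_KEY_VALUE)` is cast and handed to `createSecretKeySpec`, and `getAlgorithm()` is handed to `Algorithm.toJavaName`, so an octet JWK that lacks `k`, or one without the optional `alg` member, fails wherever those helpers first touch null instead of with a clear error about the key. I would guard the required member first, `String k = (String)getProperty(OCTET_KEY_VALUE); if (k == null) { throw new SecurityException("Octet JWK has no 'k' value"); }`, and add a Javadoc stating that the method expects a `kty` of `oct` with an `alg` that maps to a JCE secret-key name. What `toJavaName` returns for a null or asymmetric `alg` is not visible in this hunk, so the behaviour for a key without `alg` should be confirmed before relying on it.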
@@ -23,19 +23,25 @@ import java.io.InputStream;
 import java.security.interfaces.RSAPrivateKey;
 import java.util.Properties;
+import javax.crypto.SecretKey;
+
 import org.apache.cxf.Bus;
 import org.apache.cxf.helpers.IOUtils;
 import org.apache.cxf.jaxrs.utils.JAXRSUtils;
 import org.apache.cxf.jaxrs.utils.ResourceUtils;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.message.MessageUtils;
+import org.apache.cxf.rs.security.oauth2.jwe.AesWrapKeyDecryptionAlgorithm;
 import org.apache.cxf.rs.security.oauth2.jwe.JweCryptoProperties;
 import org.apache.cxf.rs.security.oauth2.jwe.JweDecryptionOutput;
 import org.apache.cxf.rs.security.oauth2.jwe.JweDecryptionProvider;
 import org.apache.cxf.rs.security.oauth2.jwe.JweHeaders;
+import org.apache.cxf.rs.security.oauth2.jwe.RSAOaepKeyDecryptionAlgorithm;
+import org.apache.cxf.rs.security.oauth2.jwe.WrappedKeyDecryptionAlgorithm;
 import org.apache.cxf.rs.security.oauth2.jwe.WrappedKeyJweDecryption;
 import org.apache.cxf.rs.security.oauth2.jwk.JsonWebKey;
 import org.apache.cxf.rs.security.oauth2.jwk.JwkUtils;
+import org.apache.cxf.rs.security.oauth2.jwt.Algorithm;
 import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
 public class AbstractJweDecryptingFilter {
@@ -70,17 +76,29 @@ public class AbstractJweDecryptingFilter {
 }
 Bus bus = m.getExchange().getBus();
 try {
- RSAPrivateKey pk = null;
+ WrappedKeyDecryptionAlgorithm keyDecryptionProvider = null;
 Properties props = ResourceUtils.loadProperties(propLoc, bus);
 if (JwkUtils.JWK_KEY_STORE_TYPE.equals(props.get(CryptoUtils.RSSEC_KEY_STORE_TYPE))) {
 //TODO: Private JWK sets can be JWE encrypted
 JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props);
- pk = jwk.toRSAPrivateKey();
+ if (JsonWebKey.KEY_TYPE_RSA.equals(jwk.getKeyType())) {
+ keyDecryptionProvider = new RSAOaepKeyDecryptionAlgorithm(jwk.toRSAPrivateKey());
+ } else if (JsonWebKey.KEY_TYPE_OCTET.equals(jwk.getKeyType())) {
+ SecretKey key = jwk.toSecretKey();
+ // TODO: Introduce an algo family check
+ if (Algorithm.A128KW.getJwtName().equals(jwk.getAlgorithm())) {
+ keyDecryptionProvider = new AesWrapKeyDecryptionAlgorithm(key);
+ }
+ // etc
+ } else {
+ // TODO: support elliptic curve keys
+ throw new SecurityException();
+ }
 } else {
- pk = (RSAPrivateKey)CryptoUtils.loadPrivateKey(m, props,
- CryptoUtils.RSSEC_DECRYPT_KEY_PSWD_PROVIDER);
+ keyDecryptionProvider = new RSAOaepKeyDecryptionAlgorithm(
+ (RSAPrivateKey)CryptoUtils.loadPrivateKey(m, props, CryptoUtils.RSSEC_DECRYPT_KEY_PSWD_PROVIDER));
 }
- return new WrappedKeyJweDecryption(pk, cryptoProperties);
+ return new WrappedKeyJweDecryption(keyDecryptionProvider, cryptoProperties, null);
 } catch (SecurityException ex) {
 throw ex;
 } catch (Exception ex) {
http://git-wip-us.apache.org/repos/asf/cxf/blob/21a099e9/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweWriterInterceptor.java
----------------------------------------------------------------------
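Review bot: when the loaded JWK is an octet key whose `alg` is anything other than A128KW, `keyDecryptionProvider` is left null by the octet branch and is still passed to `new WrappedKeyJweDecryption(keyDecryptionProvider, cryptoProperties, null)`, so an unsupported or missing `alg` is reported later by whatever that class does with a null provider rather than as a configuration error here; `alg` is optional in a JWK, so a key without it takes exactly this path. I would reject it before the return, `if (keyDecryptionProvider == null) { throw new SecurityException("No key decryption provider for the configured key"); }`, and give the bare `throw new SecurityException()` for non-RSA/non-octet keys a message naming the unsupported key type, since the `catch (SecurityException ex)` below rethrows it unchanged to the caller. The enclosing method starts and ends outside the hunk, and the meaning of the third `null` argument to `WrappedKeyJweDecryption` is not visible here.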
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweWriterInterceptor.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweWriterInterceptor.java
index 52e36be..ac3338b 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweWriterInterceptor.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweWriterInterceptor.java
@@ -26,6 +26,7 @@ import java.util.Properties;
 import java.util.zip.DeflaterOutputStream;
 import javax.annotation.Priority;
+import javax.crypto.SecretKey;
 import javax.ws.rs.WebApplicationException;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.ext.WriterInterceptor;
@@ -38,15 +39,18 @@ import org.apache.cxf.jaxrs.utils.JAXRSUtils;
 import org.apache.cxf.jaxrs.utils.ResourceUtils;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.message.MessageUtils;
+import org.apache.cxf.rs.security.oauth2.jwe.AesWrapKeyEncryptionAlgorithm;
 import org.apache.cxf.rs.security.oauth2.jwe.JweCompactProducer;
 import org.apache.cxf.rs.security.oauth2.jwe.JweEncryptionProvider;
 import org.apache.cxf.rs.security.oauth2.jwe.JweEncryptionState;
 import org.apache.cxf.rs.security.oauth2.jwe.JweHeaders;
 import org.apache.cxf.rs.security.oauth2.jwe.JweOutputStream;
+import org.apache.cxf.rs.security.oauth2.jwe.KeyEncryptionAlgorithm;
 import org.apache.cxf.rs.security.oauth2.jwe.RSAOaepKeyEncryptionAlgorithm;
 import org.apache.cxf.rs.security.oauth2.jwe.WrappedKeyJweEncryption;
 import org.apache.cxf.rs.security.oauth2.jwk.JsonWebKey;
 import org.apache.cxf.rs.security.oauth2.jwk.JwkUtils;
+import org.apache.cxf.rs.security.oauth2.jwt.Algorithm;
 import org.apache.cxf.rs.security.oauth2.jwt.JwtHeadersWriter;
 import org.apache.cxf.rs.security.oauth2.jwt.JwtTokenReaderWriter;
 import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
@@ -119,29 +123,43 @@ public class JweWriterInterceptor implements WriterInterceptor {
 }
 Bus bus = m.getExchange().getBus();
 try {
- RSAPublicKey pk = null;
- String rsaKeyEncryptionAlgo = null;
-
+ KeyEncryptionAlgorithm keyEncryptionProvider = null;
+ String keyEncryptionAlgo = null;
 Properties props = ResourceUtils.loadProperties(propLoc, bus);
 if (JwkUtils.JWK_KEY_STORE_TYPE.equals(props.get(CryptoUtils.RSSEC_KEY_STORE_TYPE))) {
 JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props);
- pk = jwk.toRSAPublicKey();
- rsaKeyEncryptionAlgo = jwk.getAlgorithm();
+ keyEncryptionAlgo = jwk.getAlgorithm();
+ // TODO: Put it into some factory code
+ if (JsonWebKey.KEY_TYPE_RSA.equals(jwk.getKeyType())) {
+ keyEncryptionProvider = new RSAOaepKeyEncryptionAlgorithm(jwk.toRSAPublicKey());
+ } else if (JsonWebKey.KEY_TYPE_OCTET.equals(jwk.getKeyType())) {
+ SecretKey key = jwk.toSecretKey();
+ // TODO: Introduce an algo family check
+ if (Algorithm.A128KW.getJwtName().equals(keyEncryptionAlgo)) {
+ keyEncryptionProvider = new AesWrapKeyEncryptionAlgorithm(key, keyEncryptionAlgo);
+ }
+ // etc
+ } else {
+ // TODO: support elliptic curve keys
+ throw new SecurityException();
+ }
+
 } else {
- pk = (RSAPublicKey)CryptoUtils.loadPublicKey(m, props);
+ keyEncryptionProvider = new RSAOaepKeyEncryptionAlgorithm(
+ (RSAPublicKey)CryptoUtils.loadPublicKey(m, props));
 }
- if (rsaKeyEncryptionAlgo == null) {
- rsaKeyEncryptionAlgo = props.getProperty(JSON_WEB_ENCRYPTION_KEY_ALGO_PROP);
+ if (keyEncryptionAlgo == null) {
+ keyEncryptionAlgo = props.getProperty(JSON_WEB_ENCRYPTION_KEY_ALGO_PROP);
 }
- JweHeaders headers = new JweHeaders(rsaKeyEncryptionAlgo,
+ JweHeaders headers = new JweHeaders(keyEncryptionAlgo,
 props.getProperty(JSON_WEB_ENCRYPTION_CEK_ALGO_PROP));
 String compression = props.getProperty(JSON_WEB_ENCRYPTION_ZIP_ALGO_PROP);
 if (compression != null) {
 headers.setZipAlgorithm(compression);
 }
- return new WrappedKeyJweEncryption(headers, new
RSAOaepKeyEncryptionAlgorithm((RSAPublicKey)pk));
+ return new WrappedKeyJweEncryption(headers, keyEncryptionProvider);
 } catch (SecurityException ex) {
 throw ex;
 } catch (Exception ex) {
http://git-wip-us.apache.org/repos/asf/cxf/blob/21a099e9/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtils.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtils.java
index dc2fef3..9519afc 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtils.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtils.java
@@ -107,8 +107,8 @@ public final class CryptoUtils {
 public static RSAPublicKey getRSAPublicKey(String encodedModulus, String encodedPublicExponent) {
 try {
- return getRSAPublicKey(Base64UrlUtility.decode(encodedModulus),
- Base64UrlUtility.decode(encodedPublicExponent));
+ return getRSAPublicKey(decodeSequence(encodedModulus),
+ decodeSequence(encodedPublicExponent));
 } catch (Exception ex) {
 throw new SecurityException(ex);
 }
@@ -281,8 +281,8 @@ public final class CryptoUtils {
 public static RSAPrivateKey getRSAPrivateKey(String encodedModulus, String encodedPrivateExponent) {
 try {
- return getRSAPrivateKey(Base64UrlUtility.decode(encodedModulus),
- Base64UrlUtility.decode(encodedPrivateExponent));
+ return getRSAPrivateKey(decodeSequence(encodedModulus),
+ decodeSequence(encodedPrivateExponent));
 } catch (Exception ex) {
 throw new SecurityException(ex);
 }
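Review bot: the octet branch compares `keyEncryptionAlgo` with A128KW while that variable still holds only `jwk.getAlgorithm()`, and the fallback to `JSON_WEB_ENCRYPTION_KEY_ALGO_PROP` runs only after the dispatch, so an octet JWK without an `alg` member never matches even when the properties file names A128KW, and `keyEncryptionProvider` then reaches `new WrappedKeyJweEncryption(headers, keyEncryptionProvider)` as null; the same null is passed for any octet `alg` other than A128KW. Resolving the algorithm before choosing the provider and rejecting a null provider before the return keeps the failure at configuration time, and it also guarantees the `alg` written into `JweHeaders` is the one the provider was built for. The enclosing method starts outside the hunk.
```java
Properties props = ResourceUtils.loadProperties(propLoc, bus);
// JWK 'alg' wins, the properties file is the fallback; settle this before picking a provider
String keyEncryptionAlgo = props.getProperty(JSON_WEB_ENCRYPTION_KEY_ALGO_PROP);
if (JwkUtils.JWK_KEY_STORE_TYPE.equals(props.get(CryptoUtils.RSSEC_KEY_STORE_TYPE))) {
    JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props);
    if (jwk.getAlgorithm() != null) {
        keyEncryptionAlgo = jwk.getAlgorithm();
    }
    // … unchanged: RSA / octet / other key-type dispatch, now testing the resolved keyEncryptionAlgo …
} else {
    // … unchanged: keystore RSA path …
}
if (keyEncryptionProvider == null) {
    throw new SecurityException("No key encryption provider for the configured key and algorithm");
}
// … unchanged: JweHeaders construction, compression, return …
```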
@@ -311,14 +311,14 @@ public final class CryptoUtils {
 String encodedCrtCoefficient) {
 //CHECKSTYLE:ON
 try {
- return getRSAPrivateKey(Base64UrlUtility.decode(encodedModulus),
- Base64UrlUtility.decode(encodedPublicExponent),
- Base64UrlUtility.decode(encodedPrivateExponent),
- Base64UrlUtility.decode(encodedPrimeP),
- Base64UrlUtility.decode(encodedPrimeQ),
- Base64UrlUtility.decode(encodedPrimeExpP),
- Base64UrlUtility.decode(encodedPrimeExpQ),
- Base64UrlUtility.decode(encodedCrtCoefficient));
+ return getRSAPrivateKey(decodeSequence(encodedModulus),
+ decodeSequence(encodedPublicExponent),
+ decodeSequence(encodedPrivateExponent),
+ decodeSequence(encodedPrimeP),
+ decodeSequence(encodedPrimeQ),
+ decodeSequence(encodedPrimeExpP),
+ decodeSequence(encodedPrimeExpQ),
+ decodeSequence(encodedCrtCoefficient));
 } catch (Exception ex) {
 throw new SecurityException(ex);
 }
@@ -359,7 +359,7 @@ public final class CryptoUtils {
 public static ECPrivateKey getECPrivateKey(String encodedPrivateKey) {
 try {
- return getECPrivateKey(Base64UrlUtility.decode(encodedPrivateKey));
+ return getECPrivateKey(decodeSequence(encodedPrivateKey));
 } catch (Exception ex) {
 throw new SecurityException(ex);
 }
@@ -386,8 +386,8 @@ public final class CryptoUtils {
 public static ECPublicKey getECPublicKey(String encodedXPoint, String encodedYPoint) {
 try {
- return getECPublicKey(Base64UrlUtility.decode(encodedXPoint),
- Base64UrlUtility.decode(encodedYPoint));
+ return getECPublicKey(decodeSequence(encodedXPoint),
+ decodeSequence(encodedYPoint));
 } catch (Exception ex) {
 throw new SecurityException(ex);
 }
@@ -736,10 +736,12 @@ public final class CryptoUtils {
 return createSecretKeySpec(descryptedBytes, secretKeyAlgo);
 }
+ public static SecretKey createSecretKeySpec(String encodedBytes, String algo) {
+ return new SecretKeySpec(decodeSequence(encodedBytes), algo);
+ }
 public static SecretKey createSecretKeySpec(byte[] bytes, String algo) {
 return new SecretKeySpec(bytes, convertJCECipherToSecretKeyName(algo));
 }
-
 public static byte[] decodeSequence(String encodedSequence) throws SecurityException {
 try {
 return Base64UrlUtility.decode(encodedSequence);
http://git-wip-us.apache.org/repos/asf/cxf/blob/21a099e9/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
index d339a3e..85bcf36 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
@@ -78,8 +78,8 @@ public class JAXRSJweJwsTest extends AbstractBusClientServerTestBase {
 Security.removeProvider(BouncyCastleProvider.class.getName());
 }
 @Test
- public void testJweJwk() throws Exception {
- String address = "https://localhost:" + PORT + "/jwejwk";
+ public void testJweJwkRSA() throws Exception {
+ String address = "https://localhost:" + PORT + "/jwejwkrsa";
 JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
 SpringBusFactory bf = new SpringBusFactory();
 URL busFile = JAXRSJweJwsTest.class.getResource("client.xml");
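Review bot: the new `createSecretKeySpec(String, String)` hands `algo` straight to `SecretKeySpec`, whereas the existing `byte[]` overload directly below it maps the name through `convertJCECipherToSecretKeyName(algo)`, so the two overloads build keys with different algorithm names when given the same cipher name. Delegating keeps them consistent and is a one-line change: `return createSecretKeySpec(decodeSequence(encodedBytes), algo);`. The only caller added in this commit, `JsonWebKey.toSecretKey`, passes a name produced by `Algorithm.toJavaName`, and whether that name needs the conversion is not visible here, so that should be checked when aligning the overloads. The `decodeSequence` method whose first lines close the hunk continues past it.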
@@ -102,6 +102,28 @@ public class JAXRSJweJwsTest extends AbstractBusClientServerTestBase { assertEquals("book", text); } @Test + public void testJweJwkAesWrap() throws Exception { + String address = "https://localhost:" + PORT + "/jwejwkaeswrap"; + JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean(); + SpringBusFactory bf = new SpringBusFactory(); + URL busFile = JAXRSJweJwsTest.class.getResource("client.xml"); + Bus springBus = bf.createBus(busFile.toString()); + bean.setBus(springBus); + bean.setServiceClass(BookStore.class); + bean.setAddress(address); + List providers = new LinkedList(); + JweWriterInterceptor jweWriter = new JweWriterInterceptor(); + jweWriter.setUseJweOutputStream(true); + providers.add(jweWriter); + providers.add(new JweClientResponseFilter()); + bean.setProviders(providers); + bean.getProperties(true).put("rs.security.encryption.properties", + "org/apache/cxf/systest/jaxrs/security/secret.jwk.properties"); + BookStore bs = bean.create(BookStore.class); + String text = bs.echoText("book"); + assertEquals("book", text); + } + @Test public void testJweRsaJwsRsa() throws Exception { String address = "https://localhost:" + PORT + "/jwejwsrsa"; doTestJweJwsRsa(address, null); http://git-wip-us.apache.org/repos/asf/cxf/blob/21a099e9/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml ---------------------------------------------------------------------- diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml index 55bf214..eaa9949 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml @@ -101,7 +101,7 @@ under the License. - + 
@@ -114,6 +114,18 @@ under the License. + + + + + + + + + + + + http://git-wip-us.apache.org/repos/asf/cxf/blob/21a099e9/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt ---------------------------------------------------------------------- diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt index cc336cc..491e57b 100644 --- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt @@ -4,6 +4,11 @@ "n":"oahUIoWw0K0usKNuOR6H4wkf4oBUXHTxRvgb48E-BVvxkeDNjbC4he8rUWcJoZmds2h7M70imEVhRU5djINXtqllXI4DFqcI1DgjT9LewND8MW2Krf3Spsk_ZkoFnilakGygTwpZ3uesH-PFABNIUYpOiN15dsQRkgr0vEhxN92i2asbOenSZeyaxziK72UwxrrKoExv6kc5twXTq4h-QChLOln0_mtUZwfsRaMStPs6mS6XrgxnxbWhojf663tuEQueGC-FCMfra36C9knDFGzKsNa7LZK2djYgyD3JR_MB_4NUJW_TqOQtwHYbxevoJArm-L5StowjzGy-_bq6Gw", "e":"AQAB", "d":"kLdtIj6GbDks_ApCSTYQtelcNttlKiOyPzMrXHeI-yk1F7-kpDxY4-WY5NWV5KntaEeXS1j82E375xxhWMHXyvjYecPT9fpwR_M9gV8n9Hrh2anTpTD93Dt62ypW3yDsJzBnTnrYu1iwWRgBKrEYY46qAZIrA2xAwnm2X7uGR1hghkqDp0Vqj3kbSCz1XyfCs6_LehBwtxHIyh8Ripy40p24moOAbgxVw3rxT_vlt3UVe4WO3JkJOzlpUf-KTVI2Ptgm-dARxTEtE-id-4OJr0h-K-VFs3VSndVTIznSxfyrj8ILL6MG_Uv8YAu7VILSB3lOW085-4qE3DzgrTjgyQ", - "kid":"2011-04-29"} + "kid":"2011-04-29"}, + + {"kty":"oct", + "alg":"A128KW", + "k":"GawgguFyGrWKav7AX4VKUg", + "kid":"AesWrapKey"} ] } http://git-wip-us.apache.org/repos/asf/cxf/blob/21a099e9/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.jwk.properties ---------------------------------------------------------------------- 
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.jwk.properties b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.jwk.properties
new file mode 100644
index 0000000..2016b2d
--- /dev/null
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.jwk.properties
@@ -0,0 +1,21 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+rs.security.keystore.type=jwk
+rs.security.keystore.alias=AesWrapKey
+rs.security.keystore.file=org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt
+rs.security.jwe.content.encryption.algorithm=A128GCM
+rs.security.jwe.key.encryption.algorithm=A128KW