cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject [01/10] [CXF-5944] Finalizing the current round of refactorings with introducing a dedicated rt rs security module, idea from Luigi Lo Iacono
Date Mon, 06 Oct 2014 17:30:38 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes 4765a07b3 -> 8be780444


http://git-wip-us.apache.org/repos/asf/cxf/blob/8be78044/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/jwkSecretSet.txt
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/jwkSecretSet.txt
b/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/jwkSecretSet.txt
deleted file mode 100644
index 6520c75..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/jwkSecretSet.txt
+++ /dev/null
@@ -1,13 +0,0 @@
-{"keys":
-       [
-         {"kty":"oct",
-          "alg":"A128KW",
-          "k":"GawgguFyGrWKav7AX4VKUg",
-          "kid":"AesWrapKey"},
-
-         {"kty":"oct",
-          "alg":"HS256",
-          "k":"AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow",
-          "kid":"HMACKey"}
-       ]
-     }
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cxf/blob/8be78044/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactHeaderTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactHeaderTest.java
b/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactHeaderTest.java
deleted file mode 100644
index 0cc0a07..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactHeaderTest.java
+++ /dev/null
@@ -1,147 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jws;
-
-import org.junit.Assert;
-import org.junit.Test;
-
-public class JwsCompactHeaderTest extends Assert {
-
-    /**
-     * JWS string, which lacks the "alg" header field.
-     * 
-     * => Must be rejected by verification operation, since the spec declares
-     * that the "alg" header field must be present in the compact serialization.
-     */
-    public static final String MISSING_ALG_HEADER_FIELD_IN_JWS = 
-        "eyAiZ2xhIiA6ICJDQU1IIiB9.eyAibXNnIjogIllvdSBjYW4ndCB0b3VjaCB0aGlzISIgfQ"
-        + ".Sqd_AuwlPPqv4L1EV4zPuR-HfFJpe9kOfvc597RlcoE";
-
-    /**
-     * JWS string, which contains two "alg" header fields. Bogus "alg" header
-     * field first.
-     * 
-     * => Must be rejected by verification operation, since the spec declares
-     * that the "alg" header field must be present once in the compact
-     * serialization.
-     */
-    public static final String TWO_ALG_HEADER_FIELDS_IN_JWS_BOGUS_FIRST = 
-        "eyAiYWxnIjogIkJvZ3VzIiwgImFsZyI6ICJIUzI1NiIgfQ.eyAibXNnIjogIllvdSBjYW4ndCB0b3VjaCB0aGlzISIgfQ"
-        + ".FIgpDi1Wp9iIxxXfBw8Zce2kiZ8gmqAaVYPduRFR8kU";
-
-    /**
-     * JWS string, which contains two "alg" header fields. Bogus "alg" header
-     * field last.
-     * 
-     * => Must be rejected by verification operation, since the spec declares
-     * that the "alg" header field must be present once in the compact
-     * serialization.
-     */
-    public static final String TWO_ALG_HEADER_FIELDS_IN_JWS_BOGUS_LAST = 
-        "eyAiYWxnIjogIkhTMjU2IiwgImFsZyI6ICJCb2d1cyIgfQ.eyAibXNnIjogIllvdSBjYW4ndCB0b3VjaCB0aGlzISIgfQ"
-        + ".Ftwla-nAg0Nty8ILVhjlIETOy2Tw1JsD3bBq55AS0PU";
-
-    /**
-     * JWS string, which contains an invalid "alg" header field value.
-     * 
-     * (1): Algorithm not supported/known
-     * 
-     * => Must be rejected by verification operation, since the spec declares
-     * that the signature is not valid if the "alg" value does not represent a
-     * supported algorithm. "alg" values should either be registered in the IANA
-     * JSON Web Signature and Encryption Algorithms registry defined in JWA or
-     * be a value that contains a Collision-Resistant Name.
-     */
-    public static final String INVALID_ALG_HEADER_VALUE_IN_JWS_1 = "tba";
-
-    /**
-     * JWS string, which contains an invalid "alg" header field value.
-     * 
-     * (2): Wrong value encoding
-     * 
-     * => Must be rejected by verification operation, since the spec declares
-     * that the "alg" value is a case-sensitive string containing a StringOrURI
-     * value.
-     */
-    public static final String INVALID_ALG_HEADER_VALUE_IN_JWS_2 = "tba";
-
-    /**
-     * JWS string, which contains a "alg" header field value of "none". The
-     * signature has been generated with "HS256" and the signed JWS has been
-     * altered afterwards to the value "none".
-     * 
-     * => Must be rejected by verification operation, since the "none" algorithm
-     * is considered harmful.
-     */
-    public static final String ALG_HEADER_VALUE_HS256_IN_JWS = 
-        "eyAiYWxnIjogIkhTMjU2IiB9"
-        + ".eyAibXNnIjogIllvdSBjYW4ndCB0b3VjaCB0aGlzISIgfQ"
-        + ".as_gclokwAmukh3zVF1X5sUCCfSc8TbjDdhdvk6C5c8";
-    public static final String ALG_HEADER_VALUE_NONE_IN_JWS = 
-        "eyAiYWxnIjogIm5vbmUiIH0"
-        + ".eyAibXNnIjogIllvdSBjYW4ndCB0b3VjaCB0aGlzISIgfQ"
-        + ".as_gclokwAmukh3zVF1X5sUCCfSc8TbjDdhdvk6C5c8";
-
-    
-    /**
-     * Support material (keys, etc.)
-     */
-    private static final String ENCODED_MAC_KEY = "AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75"
-                    + "aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow";
-    
-    // JWS string, which contains crit header field
-    // JWS string, which contains more than three parts
-    // JWS string, which contains less than three parts
-    // JWS string, which contains null bytes padding
-
-    @Test
-    public void verifyJwsWithMissingAlgHeaderField() throws Exception {
-        JwsCompactConsumer jwsConsumer = new JwsCompactConsumer(MISSING_ALG_HEADER_FIELD_IN_JWS);
-
-        assertFalse(jwsConsumer.verifySignatureWith(new HmacJwsSignatureVerifier(ENCODED_MAC_KEY)));
-    }
-
-    @Test
-    public void verifyJwsWithTwoAlgHeaderFieldsBogusFieldFirst() throws Exception {
-        JwsCompactConsumer jwsConsumer = new JwsCompactConsumer(TWO_ALG_HEADER_FIELDS_IN_JWS_BOGUS_FIRST);
-
-        assertFalse(jwsConsumer.verifySignatureWith(new HmacJwsSignatureVerifier(ENCODED_MAC_KEY)));
-    }
-
-    @Test
-    public void verifyJwsWithTwoAlgHeaderFieldsBogusFieldLast() throws Exception {
-        JwsCompactConsumer jwsConsumer = new JwsCompactConsumer(TWO_ALG_HEADER_FIELDS_IN_JWS_BOGUS_LAST);
-
-        assertFalse(jwsConsumer.verifySignatureWith(new HmacJwsSignatureVerifier(ENCODED_MAC_KEY)));
-    }
-    
-    @Test
-    public void verifyJwsWithAlgHeaderValueNone() throws Exception {
-        JwsCompactConsumer jwsConsumerOriginal = new JwsCompactConsumer(ALG_HEADER_VALUE_HS256_IN_JWS);
-        
-        JwsCompactConsumer jwsConsumerAltered = new JwsCompactConsumer(ALG_HEADER_VALUE_NONE_IN_JWS);
-
-        assertTrue(jwsConsumerOriginal.verifySignatureWith(new HmacJwsSignatureVerifier(ENCODED_MAC_KEY)));
-        
-        assertFalse(jwsConsumerAltered.verifySignatureWith(new HmacJwsSignatureVerifier(ENCODED_MAC_KEY)));
-    }
-
-    
-}
-

http://git-wip-us.apache.org/repos/asf/cxf/blob/8be78044/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java
b/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java
deleted file mode 100644
index bf868bc..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java
+++ /dev/null
@@ -1,256 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jws;
-
-import java.security.PrivateKey;
-import java.security.interfaces.ECPrivateKey;
-import java.security.interfaces.ECPublicKey;
-import java.security.interfaces.RSAPublicKey;
-import java.util.Arrays;
-import java.util.LinkedHashMap;
-import java.util.List;
-import java.util.Map;
-
-import org.apache.cxf.common.util.crypto.CryptoUtils;
-import org.apache.cxf.rs.security.jose.JoseConstants;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
-import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
-import org.apache.cxf.rs.security.jose.jwt.JwtHeaders;
-import org.apache.cxf.rs.security.jose.jwt.JwtToken;
-import org.apache.cxf.rs.security.jose.jwt.JwtTokenReaderWriter;
-import org.apache.cxf.rs.security.jose.jwt.JwtTokenWriter;
-
-import org.junit.Assert;
-import org.junit.Test;
-
-public class JwsCompactReaderWriterTest extends Assert {
-    
-    public static final String ENCODED_TOKEN_SIGNED_BY_MAC = 
-        "eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9"
-        + ".eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ"
-        + ".dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk";
-    
-    
-    private static final String ENCODED_MAC_KEY = "AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75"
-        + "aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow";
-    
-    private static final String ENCODED_TOKEN_WITH_JSON_KEY_SIGNED_BY_MAC = 
-        "eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIU"
-        + "zI1NiIsDQogImp3ayI6eyJrdHkiOiJvY3QiLA0KICJrZXlfb3BzIjpbDQogInNpZ24iLA0KICJ2ZXJpZnkiDQogXX19"
-        + ".eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ"
-        + ".8cFZqb15gEDYRZqSzUu23nQnKNynru1ADByRPvmmOq8";
-    
-    private static final String RSA_MODULUS_ENCODED = "ofgWCuLjybRlzo0tZWJjNiuSfb4p4fAkd_wWJcyQoTbji9k0l8W26mPddx"
-        + "HmfHQp-Vaw-4qPCJrcS2mJPMEzP1Pt0Bm4d4QlL-yRT-SFd2lZS-pCgNMs"
-        + "D1W_YpRPEwOWvG6b32690r2jZ47soMZo9wGzjb_7OMg0LOL-bSf63kpaSH"
-        + "SXndS5z5rexMdbBYUsLA9e-KXBdQOS-UTo7WTBEMa2R2CapHg665xsmtdV"
-        + "MTBQY4uDZlxvb3qCo5ZwKh9kG4LT6_I5IhlJH7aGhyxXFvUK-DWNmoudF8"
-        + "NAco9_h9iaGNj8q2ethFkMLs91kzk2PAcDTW9gb54h4FRWyuXpoQ";
-    private static final String RSA_PUBLIC_EXPONENT_ENCODED = "AQAB";
-    private static final String RSA_PRIVATE_EXPONENT_ENCODED = 
-        "Eq5xpGnNCivDflJsRQBXHx1hdR1k6Ulwe2JZD50LpXyWPEAeP88vLNO97I"
-        + "jlA7_GQ5sLKMgvfTeXZx9SE-7YwVol2NXOoAJe46sui395IW_GO-pWJ1O0"
-        + "BkTGoVEn2bKVRUCgu-GjBVaYLU6f3l9kJfFNS3E0QbVdxzubSu3Mkqzjkn"
-        + "439X0M_V51gfpRLI9JYanrC4D4qAdGcopV_0ZHHzQlBjudU2QvXt4ehNYT"
-        + "CBr6XCLQUShb1juUO1ZdiYoFaFQT5Tw8bGUl_x_jTj3ccPDVZFD9pIuhLh"
-        + "BOneufuBiB4cS98l2SR_RQyGWSeWjnczT0QU91p1DhOVRuOopznQ";
-    private static final String ENCODED_TOKEN_SIGNED_BY_PRIVATE_KEY =
-        "eyJhbGciOiJSUzI1NiJ9"
-        + "."
-        + "eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFt"
-        + "cGxlLmNvbS9pc19yb290Ijp0cnVlfQ"
-        + "."
-        + "cC4hiUPoj9Eetdgtv3hF80EGrhuB__dzERat0XF9g2VtQgr9PJbu3XOiZj5RZmh7"
-        + "AAuHIm4Bh-0Qc_lF5YKt_O8W2Fp5jujGbds9uJdbF9CUAr7t1dnZcAcQjbKBYNX4"
-        + "BAynRFdiuB--f_nZLgrnbyTyWzO75vRK5h6xBArLIARNPvkSjtQBMHlb1L07Qe7K"
-        + "0GarZRmB_eSN9383LcOLn6_dO--xi12jzDwusC-eOkHWEsqtFZESc6BfI7noOPqv"
-        + "hJ1phCnvWh6IeYI2w9QOYEUipUTI8np6LbgGY9Fs98rqVt5AXLIhWkWywlVmtVrB"
-        + "p0igcN_IoypGlUPQGe77Rw";
-     
-    private static final String EC_PRIVATE_KEY_ENCODED = 
-        "jpsQnnGQmL-YBIffH1136cspYG6-0iY7X1fCE9-E9LI";
-    private static final String EC_X_POINT_ENCODED = 
-        "f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU";
-    private static final String EC_Y_POINT_ENCODED = 
-        "x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0";
-    @Test
-    public void testWriteJwsSignedByMacSpecExample() throws Exception {
-        JwtHeaders headers = new JwtHeaders(Algorithm.HmacSHA256.getJwtName());
-        JwsCompactProducer jws = initSpecJwtTokenWriter(headers);
-        jws.signWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY, Algorithm.HmacSHA256.getJwtName()));
-        
-        assertEquals(ENCODED_TOKEN_SIGNED_BY_MAC, jws.getSignedEncodedJws());
-        
-    }
-    
-    @Test
-    public void testWriteReadJwsUnsigned() throws Exception {
-        JwtHeaders headers = new JwtHeaders(JoseConstants.PLAIN_TEXT_ALGO);
-        
-        JwtClaims claims = new JwtClaims();
-        claims.setIssuer("https://jwt-idp.example.com");
-        claims.setSubject("mailto:mike@example.com");
-        claims.setAudience("https://jwt-rp.example.net");
-        claims.setNotBefore(1300815780L);
-        claims.setExpiryTime(1300819380L);
-        claims.setClaim("http://claims.example.com/member", true);
-        
-        JwsCompactProducer writer = new JwsJwtCompactProducer(headers, claims);
-        String signed = writer.getSignedEncodedJws();
-        
-        JwsJwtCompactConsumer reader = new JwsJwtCompactConsumer(signed);
-        assertEquals(0, reader.getDecodedSignature().length);
-        
-        JwtToken token = reader.getJwtToken();
-        assertEquals(new JwtToken(headers, claims), token);
-    }
-
-    @Test
-    public void testReadJwsSignedByMacSpecExample() throws Exception {
-        JwsJwtCompactConsumer jws = new JwsJwtCompactConsumer(ENCODED_TOKEN_SIGNED_BY_MAC);
-        assertTrue(jws.verifySignatureWith(new HmacJwsSignatureVerifier(ENCODED_MAC_KEY)));
-        JwtToken token = jws.getJwtToken();
-        JwtHeaders headers = token.getHeaders();
-        assertEquals(JoseConstants.TYPE_JWT, headers.getType());
-        assertEquals(Algorithm.HmacSHA256.getJwtName(), headers.getAlgorithm());
-        validateSpecClaim(token.getClaims());
-    }
-    
-    @Test
-    public void testWriteJwsWithJwkSignedByMac() throws Exception {
-        JsonWebKey key = new JsonWebKey();
-        key.setKeyType(JsonWebKey.KEY_TYPE_OCTET);
-        key.setKeyOperation(Arrays.asList(
-            new String[]{JsonWebKey.KEY_OPER_SIGN, JsonWebKey.KEY_OPER_VERIFY}));
-        doTestWriteJwsWithJwkSignedByMac(key);
-    }
-    
-    @Test
-    public void testWriteJwsWithJwkAsMapSignedByMac() throws Exception {
-        Map<String, Object> map = new LinkedHashMap<String, Object>();
-        map.put(JsonWebKey.KEY_TYPE, JsonWebKey.KEY_TYPE_OCTET);
-        map.put(JsonWebKey.KEY_OPERATIONS,
-                new String[]{JsonWebKey.KEY_OPER_SIGN, JsonWebKey.KEY_OPER_VERIFY});
-        doTestWriteJwsWithJwkSignedByMac(map);
-    }
-    
-    private void doTestWriteJwsWithJwkSignedByMac(Object jsonWebKey) throws Exception {
-        JwtHeaders headers = new JwtHeaders(Algorithm.HmacSHA256.getJwtName());
-        
-        headers.setHeader(JoseConstants.HEADER_JSON_WEB_KEY, jsonWebKey);
-        
-        JwtClaims claims = new JwtClaims();
-        claims.setIssuer("joe");
-        claims.setExpiryTime(1300819380L);
-        claims.setClaim("http://example.com/is_root", Boolean.TRUE);
-        
-        JwtToken token = new JwtToken(headers, claims);
-        JwsCompactProducer jws = new JwsJwtCompactProducer(token, getWriter());
-        jws.signWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY, Algorithm.HmacSHA256.getJwtName()));
-        
-        assertEquals(ENCODED_TOKEN_WITH_JSON_KEY_SIGNED_BY_MAC, jws.getSignedEncodedJws());
-    }
-    
-    @Test
-    public void testReadJwsWithJwkSignedByMac() throws Exception {
-        JwsJwtCompactConsumer jws = new JwsJwtCompactConsumer(ENCODED_TOKEN_WITH_JSON_KEY_SIGNED_BY_MAC);
-        assertTrue(jws.verifySignatureWith(new HmacJwsSignatureVerifier(ENCODED_MAC_KEY)));
-        JwtToken token = jws.getJwtToken();
-        JwtHeaders headers = token.getHeaders();
-        assertEquals(JoseConstants.TYPE_JWT, headers.getType());
-        assertEquals(Algorithm.HmacSHA256.getJwtName(), headers.getAlgorithm());
-        
-        JsonWebKey key = headers.getJsonWebKey();
-        assertEquals(JsonWebKey.KEY_TYPE_OCTET, key.getKeyType());
-        List<String> keyOps = key.getKeyOperation();
-        assertEquals(2, keyOps.size());
-        assertEquals(JsonWebKey.KEY_OPER_SIGN, keyOps.get(0));
-        assertEquals(JsonWebKey.KEY_OPER_VERIFY, keyOps.get(1));
-        
-        validateSpecClaim(token.getClaims());
-    }
-    
-    private void validateSpecClaim(JwtClaims claims) {
-        assertEquals("joe", claims.getIssuer());
-        assertEquals(Long.valueOf(1300819380), claims.getExpiryTime());
-        assertEquals(Boolean.TRUE, claims.getClaim("http://example.com/is_root"));
-    }
-    
-    @Test
-    public void testWriteJwsSignedByPrivateKey() throws Exception {
-        JwtHeaders headers = new JwtHeaders();
-        headers.setAlgorithm(Algorithm.SHA256withRSA.getJwtName());
-        JwsCompactProducer jws = initSpecJwtTokenWriter(headers);
-        PrivateKey key = CryptoUtils.getRSAPrivateKey(RSA_MODULUS_ENCODED, RSA_PRIVATE_EXPONENT_ENCODED);
-        jws.signWith(new PrivateKeyJwsSignatureProvider(key, Algorithm.SHA256withRSA.getJwtName()));
-        
-        assertEquals(ENCODED_TOKEN_SIGNED_BY_PRIVATE_KEY, jws.getSignedEncodedJws());
-    }
-    
-    @Test
-    public void testWriteReadJwsSignedByESPrivateKey() throws Exception {
-        JwtHeaders headers = new JwtHeaders();
-        headers.setAlgorithm(Algorithm.SHA256withECDSA.getJwtName());
-        JwsCompactProducer jws = initSpecJwtTokenWriter(headers);
-        ECPrivateKey privateKey = CryptoUtils.getECPrivateKey(JsonWebKey.EC_CURVE_P256,
-                                                              EC_PRIVATE_KEY_ENCODED);
-        jws.signWith(new EcDsaJwsSignatureProvider(privateKey, Algorithm.SHA256withECDSA.getJwtName()));
-        String signedJws = jws.getSignedEncodedJws();
-        
-        ECPublicKey publicKey = CryptoUtils.getECPublicKey(JsonWebKey.EC_CURVE_P256,
-                                                           EC_X_POINT_ENCODED, 
-                                                           EC_Y_POINT_ENCODED);
-        JwsJwtCompactConsumer jwsConsumer = new JwsJwtCompactConsumer(signedJws);
-        assertTrue(jwsConsumer.verifySignatureWith(new EcDsaJwsSignatureVerifier(publicKey)));
-        JwtToken token = jwsConsumer.getJwtToken();
-        JwtHeaders headersReceived = token.getHeaders();
-        assertEquals(Algorithm.SHA256withECDSA.getJwtName(), headersReceived.getAlgorithm());
-        validateSpecClaim(token.getClaims());
-    }
-    
-    @Test
-    public void testReadJwsSignedByPrivateKey() throws Exception {
-        JwsJwtCompactConsumer jws = new JwsJwtCompactConsumer(ENCODED_TOKEN_SIGNED_BY_PRIVATE_KEY);
-        RSAPublicKey key = CryptoUtils.getRSAPublicKey(RSA_MODULUS_ENCODED, RSA_PUBLIC_EXPONENT_ENCODED);
-        assertTrue(jws.verifySignatureWith(new PublicKeyJwsSignatureVerifier(key)));
-        JwtToken token = jws.getJwtToken();
-        JwtHeaders headers = token.getHeaders();
-        assertEquals(Algorithm.SHA256withRSA.getJwtName(), headers.getAlgorithm());
-        validateSpecClaim(token.getClaims());
-    }
-    
-    private JwsCompactProducer initSpecJwtTokenWriter(JwtHeaders headers) throws Exception
{
-        
-        JwtClaims claims = new JwtClaims();
-        claims.setIssuer("joe");
-        claims.setExpiryTime(1300819380L);
-        claims.setClaim("http://example.com/is_root", Boolean.TRUE);
-        
-        JwtToken token = new JwtToken(headers, claims);
-        return new JwsJwtCompactProducer(token, getWriter());
-    }
-
-    
-    private JwtTokenWriter getWriter() {
-        JwtTokenReaderWriter jsonWriter = new JwtTokenReaderWriter();
-        jsonWriter.setFormat(true);
-        return jsonWriter;
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/8be78044/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jwt/grant/JwtUserSubjectTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jwt/grant/JwtUserSubjectTest.java
b/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jwt/grant/JwtUserSubjectTest.java
new file mode 100644
index 0000000..1be0216
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jwt/grant/JwtUserSubjectTest.java
@@ -0,0 +1,32 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.jwt.grant;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+public class JwtUserSubjectTest extends Assert {
+
+    @Test
+    public void testJwtUserSubject() {
+        // to be expanded
+        assertNotNull(new JwtUserSubject("user", null));
+    }
+
+}


Mime
View raw message