Return-Path: X-Original-To: apmail-cxf-commits-archive@www.apache.org Delivered-To: apmail-cxf-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id CA7D1176D4 for ; Mon, 6 Oct 2014 17:25:54 +0000 (UTC) Received: (qmail 70593 invoked by uid 500); 6 Oct 2014 17:25:54 -0000 Delivered-To: apmail-cxf-commits-archive@cxf.apache.org Received: (qmail 70529 invoked by uid 500); 6 Oct 2014 17:25:54 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 70518 invoked by uid 99); 6 Oct 2014 17:25:54 -0000 Received: from tyr.zones.apache.org (HELO tyr.zones.apache.org) (140.211.11.114) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 06 Oct 2014 17:25:54 +0000 Received: by tyr.zones.apache.org (Postfix, from userid 65534) id 54F7832084A; Mon, 6 Oct 2014 17:25:54 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: sergeyb@apache.org To: commits@cxf.apache.org Date: Mon, 06 Oct 2014 17:25:54 -0000 Message-Id: <79b7abeb12ab45d582d930154a5c047b@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: [01/10] [CXF-5944] Finalizing the current round of refactorings with introducing a dedicated rt rs security module, idea from Luigi Lo Iacono Repository: cxf Updated Branches: refs/heads/master 6129ec5f6 -> 9c053334d http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/jwkSecretSet.txt ---------------------------------------------------------------------- 
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/jwkSecretSet.txt b/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/jwkSecretSet.txt
deleted file mode 100644
index 6520c75..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/jwkSecretSet.txt
+++ /dev/null
@@ -1,13 +0,0 @@
-{"keys":
- [
- {"kty":"oct",
- "alg":"A128KW",
- "k":"GawgguFyGrWKav7AX4VKUg",
- "kid":"AesWrapKey"},
-
- {"kty":"oct",
- "alg":"HS256",
- "k":"AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow",
- "kid":"HMACKey"}
- ]
- }
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactHeaderTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactHeaderTest.java b/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactHeaderTest.java
deleted file mode 100644
index 0cc0a07..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactHeaderTest.java
+++ /dev/null
@@ -1,147 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.apache.cxf.rs.security.jose.jws; - -import org.junit.Assert; -import org.junit.Test; - -public class JwsCompactHeaderTest extends Assert { - - /** - * JWS string, which lacks the "alg" header field. - * - * => Must be rejected by verification operation, since the spec declares - * that the "alg" header field must be present in the compact serialization. - */ - public static final String MISSING_ALG_HEADER_FIELD_IN_JWS = - "eyAiZ2xhIiA6ICJDQU1IIiB9.eyAibXNnIjogIllvdSBjYW4ndCB0b3VjaCB0aGlzISIgfQ" - + ".Sqd_AuwlPPqv4L1EV4zPuR-HfFJpe9kOfvc597RlcoE"; - - /** - * JWS string, which contains two "alg" header fields. Bogus "alg" header - * field first. - * - * => Must be rejected by verification operation, since the spec declares - * that the "alg" header field must be present once in the compact - * serialization. - */ - public static final String TWO_ALG_HEADER_FIELDS_IN_JWS_BOGUS_FIRST = - "eyAiYWxnIjogIkJvZ3VzIiwgImFsZyI6ICJIUzI1NiIgfQ.eyAibXNnIjogIllvdSBjYW4ndCB0b3VjaCB0aGlzISIgfQ" - + ".FIgpDi1Wp9iIxxXfBw8Zce2kiZ8gmqAaVYPduRFR8kU"; - - /** - * JWS string, which contains two "alg" header fields. Bogus "alg" header - * field last. 
- * - * => Must be rejected by verification operation, since the spec declares - * that the "alg" header field must be present once in the compact - * serialization. - */ - public static final String TWO_ALG_HEADER_FIELDS_IN_JWS_BOGUS_LAST = - "eyAiYWxnIjogIkhTMjU2IiwgImFsZyI6ICJCb2d1cyIgfQ.eyAibXNnIjogIllvdSBjYW4ndCB0b3VjaCB0aGlzISIgfQ" - + ".Ftwla-nAg0Nty8ILVhjlIETOy2Tw1JsD3bBq55AS0PU"; - - /** - * JWS string, which contains an invalid "alg" header field value. - * - * (1): Algorithm not supported/known - * - * => Must be rejected by verification operation, since the spec declares - * that the signature is not valid if the "alg" value does not represent a - * supported algorithm. "alg" values should either be registered in the IANA - * JSON Web Signature and Encryption Algorithms registry defined in JWA or - * be a value that contains a Collision-Resistant Name. - */ - public static final String INVALID_ALG_HEADER_VALUE_IN_JWS_1 = "tba"; - - /** - * JWS string, which contains an invalid "alg" header field value. - * - * (2): Wrong value encoding - * - * => Must be rejected by verification operation, since the spec declares - * that the "alg" value is a case-sensitive string containing a StringOrURI - * value. - */ - public static final String INVALID_ALG_HEADER_VALUE_IN_JWS_2 = "tba"; - - /** - * JWS string, which contains a "alg" header field value of "none". The - * signature has been generated with "HS256" and the signed JWS has been - * altered afterwards to the value "none". - * - * => Must be rejected by verification operation, since the "none" algorithm - * is considered harmful. 
- */ - public static final String ALG_HEADER_VALUE_HS256_IN_JWS = - "eyAiYWxnIjogIkhTMjU2IiB9" - + ".eyAibXNnIjogIllvdSBjYW4ndCB0b3VjaCB0aGlzISIgfQ" - + ".as_gclokwAmukh3zVF1X5sUCCfSc8TbjDdhdvk6C5c8"; - public static final String ALG_HEADER_VALUE_NONE_IN_JWS = - "eyAiYWxnIjogIm5vbmUiIH0" - + ".eyAibXNnIjogIllvdSBjYW4ndCB0b3VjaCB0aGlzISIgfQ" - + ".as_gclokwAmukh3zVF1X5sUCCfSc8TbjDdhdvk6C5c8"; - - - /** - * Support material (keys, etc.) - */ - private static final String ENCODED_MAC_KEY = "AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75" - + "aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow"; - - // JWS string, which contains crit header field - // JWS string, which contains more than three parts - // JWS string, which contains less than three parts - // JWS string, which contains null bytes padding - - @Test - public void verifyJwsWithMissingAlgHeaderField() throws Exception { - JwsCompactConsumer jwsConsumer = new JwsCompactConsumer(MISSING_ALG_HEADER_FIELD_IN_JWS); - - assertFalse(jwsConsumer.verifySignatureWith(new HmacJwsSignatureVerifier(ENCODED_MAC_KEY))); - } - - @Test - public void verifyJwsWithTwoAlgHeaderFieldsBogusFieldFirst() throws Exception { - JwsCompactConsumer jwsConsumer = new JwsCompactConsumer(TWO_ALG_HEADER_FIELDS_IN_JWS_BOGUS_FIRST); - - assertFalse(jwsConsumer.verifySignatureWith(new HmacJwsSignatureVerifier(ENCODED_MAC_KEY))); - } - - @Test - public void verifyJwsWithTwoAlgHeaderFieldsBogusFieldLast() throws Exception { - JwsCompactConsumer jwsConsumer = new JwsCompactConsumer(TWO_ALG_HEADER_FIELDS_IN_JWS_BOGUS_LAST); - - assertFalse(jwsConsumer.verifySignatureWith(new HmacJwsSignatureVerifier(ENCODED_MAC_KEY))); - } - - @Test - public void verifyJwsWithAlgHeaderValueNone() throws Exception { - JwsCompactConsumer jwsConsumerOriginal = new JwsCompactConsumer(ALG_HEADER_VALUE_HS256_IN_JWS); - - JwsCompactConsumer jwsConsumerAltered = new JwsCompactConsumer(ALG_HEADER_VALUE_NONE_IN_JWS); - - assertTrue(jwsConsumerOriginal.verifySignatureWith(new 
HmacJwsSignatureVerifier(ENCODED_MAC_KEY))); - - assertFalse(jwsConsumerAltered.verifySignatureWith(new HmacJwsSignatureVerifier(ENCODED_MAC_KEY))); - } - - -} - http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java b/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java deleted file mode 100644 index bf868bc..0000000 --- a/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java +++ /dev/null 
@@ -1,256 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.apache.cxf.rs.security.jose.jws; - -import java.security.PrivateKey; -import java.security.interfaces.ECPrivateKey; -import java.security.interfaces.ECPublicKey; -import java.security.interfaces.RSAPublicKey; -import java.util.Arrays; -import java.util.LinkedHashMap; -import java.util.List; -import java.util.Map; - -import org.apache.cxf.common.util.crypto.CryptoUtils; -import org.apache.cxf.rs.security.jose.JoseConstants; -import org.apache.cxf.rs.security.jose.jwa.Algorithm; -import org.apache.cxf.rs.security.jose.jwk.JsonWebKey; -import org.apache.cxf.rs.security.jose.jwt.JwtClaims; -import org.apache.cxf.rs.security.jose.jwt.JwtHeaders; -import org.apache.cxf.rs.security.jose.jwt.JwtToken; -import org.apache.cxf.rs.security.jose.jwt.JwtTokenReaderWriter; -import org.apache.cxf.rs.security.jose.jwt.JwtTokenWriter; - -import org.junit.Assert; -import org.junit.Test; - -public class JwsCompactReaderWriterTest extends Assert { - - public static final String ENCODED_TOKEN_SIGNED_BY_MAC = - "eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9" - + 
".eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ" - + ".dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"; - - - private static final String ENCODED_MAC_KEY = "AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75" - + "aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow"; - - private static final String ENCODED_TOKEN_WITH_JSON_KEY_SIGNED_BY_MAC = - "eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIU" - + "zI1NiIsDQogImp3ayI6eyJrdHkiOiJvY3QiLA0KICJrZXlfb3BzIjpbDQogInNpZ24iLA0KICJ2ZXJpZnkiDQogXX19" - + ".eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ" - + ".8cFZqb15gEDYRZqSzUu23nQnKNynru1ADByRPvmmOq8"; - - private static final String RSA_MODULUS_ENCODED = "ofgWCuLjybRlzo0tZWJjNiuSfb4p4fAkd_wWJcyQoTbji9k0l8W26mPddx" - + "HmfHQp-Vaw-4qPCJrcS2mJPMEzP1Pt0Bm4d4QlL-yRT-SFd2lZS-pCgNMs" - + "D1W_YpRPEwOWvG6b32690r2jZ47soMZo9wGzjb_7OMg0LOL-bSf63kpaSH" - + "SXndS5z5rexMdbBYUsLA9e-KXBdQOS-UTo7WTBEMa2R2CapHg665xsmtdV" - + "MTBQY4uDZlxvb3qCo5ZwKh9kG4LT6_I5IhlJH7aGhyxXFvUK-DWNmoudF8" - + "NAco9_h9iaGNj8q2ethFkMLs91kzk2PAcDTW9gb54h4FRWyuXpoQ"; - private static final String RSA_PUBLIC_EXPONENT_ENCODED = "AQAB"; - private static final String RSA_PRIVATE_EXPONENT_ENCODED = - "Eq5xpGnNCivDflJsRQBXHx1hdR1k6Ulwe2JZD50LpXyWPEAeP88vLNO97I" - + "jlA7_GQ5sLKMgvfTeXZx9SE-7YwVol2NXOoAJe46sui395IW_GO-pWJ1O0" - + "BkTGoVEn2bKVRUCgu-GjBVaYLU6f3l9kJfFNS3E0QbVdxzubSu3Mkqzjkn" - + "439X0M_V51gfpRLI9JYanrC4D4qAdGcopV_0ZHHzQlBjudU2QvXt4ehNYT" - + "CBr6XCLQUShb1juUO1ZdiYoFaFQT5Tw8bGUl_x_jTj3ccPDVZFD9pIuhLh" - + "BOneufuBiB4cS98l2SR_RQyGWSeWjnczT0QU91p1DhOVRuOopznQ"; - private static final String ENCODED_TOKEN_SIGNED_BY_PRIVATE_KEY = - "eyJhbGciOiJSUzI1NiJ9" - + "." - + "eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFt" - + "cGxlLmNvbS9pc19yb290Ijp0cnVlfQ" - + "." 
- + "cC4hiUPoj9Eetdgtv3hF80EGrhuB__dzERat0XF9g2VtQgr9PJbu3XOiZj5RZmh7" - + "AAuHIm4Bh-0Qc_lF5YKt_O8W2Fp5jujGbds9uJdbF9CUAr7t1dnZcAcQjbKBYNX4" - + "BAynRFdiuB--f_nZLgrnbyTyWzO75vRK5h6xBArLIARNPvkSjtQBMHlb1L07Qe7K" - + "0GarZRmB_eSN9383LcOLn6_dO--xi12jzDwusC-eOkHWEsqtFZESc6BfI7noOPqv" - + "hJ1phCnvWh6IeYI2w9QOYEUipUTI8np6LbgGY9Fs98rqVt5AXLIhWkWywlVmtVrB" - + "p0igcN_IoypGlUPQGe77Rw"; - - private static final String EC_PRIVATE_KEY_ENCODED = - "jpsQnnGQmL-YBIffH1136cspYG6-0iY7X1fCE9-E9LI"; - private static final String EC_X_POINT_ENCODED = - "f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU"; - private static final String EC_Y_POINT_ENCODED = - "x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0"; - @Test - public void testWriteJwsSignedByMacSpecExample() throws Exception { - JwtHeaders headers = new JwtHeaders(Algorithm.HmacSHA256.getJwtName()); - JwsCompactProducer jws = initSpecJwtTokenWriter(headers); - jws.signWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY, Algorithm.HmacSHA256.getJwtName())); - - assertEquals(ENCODED_TOKEN_SIGNED_BY_MAC, jws.getSignedEncodedJws()); - - } - - @Test - public void testWriteReadJwsUnsigned() throws Exception { - JwtHeaders headers = new JwtHeaders(JoseConstants.PLAIN_TEXT_ALGO); - - JwtClaims claims = new JwtClaims(); - claims.setIssuer("https://jwt-idp.example.com"); - claims.setSubject("mailto:mike@example.com"); - claims.setAudience("https://jwt-rp.example.net"); - claims.setNotBefore(1300815780L); - claims.setExpiryTime(1300819380L); - claims.setClaim("http://claims.example.com/member", true); - - JwsCompactProducer writer = new JwsJwtCompactProducer(headers, claims); - String signed = writer.getSignedEncodedJws(); - - JwsJwtCompactConsumer reader = new JwsJwtCompactConsumer(signed); - assertEquals(0, reader.getDecodedSignature().length); - - JwtToken token = reader.getJwtToken(); - assertEquals(new JwtToken(headers, claims), token); - } - - @Test - public void testReadJwsSignedByMacSpecExample() throws Exception { - JwsJwtCompactConsumer 
jws = new JwsJwtCompactConsumer(ENCODED_TOKEN_SIGNED_BY_MAC); - assertTrue(jws.verifySignatureWith(new HmacJwsSignatureVerifier(ENCODED_MAC_KEY))); - JwtToken token = jws.getJwtToken(); - JwtHeaders headers = token.getHeaders(); - assertEquals(JoseConstants.TYPE_JWT, headers.getType()); - assertEquals(Algorithm.HmacSHA256.getJwtName(), headers.getAlgorithm()); - validateSpecClaim(token.getClaims()); - } - - @Test - public void testWriteJwsWithJwkSignedByMac() throws Exception { - JsonWebKey key = new JsonWebKey(); - key.setKeyType(JsonWebKey.KEY_TYPE_OCTET); - key.setKeyOperation(Arrays.asList( - new String[]{JsonWebKey.KEY_OPER_SIGN, JsonWebKey.KEY_OPER_VERIFY})); - doTestWriteJwsWithJwkSignedByMac(key); - } - - @Test - public void testWriteJwsWithJwkAsMapSignedByMac() throws Exception { - Map map = new LinkedHashMap(); - map.put(JsonWebKey.KEY_TYPE, JsonWebKey.KEY_TYPE_OCTET); - map.put(JsonWebKey.KEY_OPERATIONS, - new String[]{JsonWebKey.KEY_OPER_SIGN, JsonWebKey.KEY_OPER_VERIFY}); - doTestWriteJwsWithJwkSignedByMac(map); - } - - private void doTestWriteJwsWithJwkSignedByMac(Object jsonWebKey) throws Exception { - JwtHeaders headers = new JwtHeaders(Algorithm.HmacSHA256.getJwtName()); - - headers.setHeader(JoseConstants.HEADER_JSON_WEB_KEY, jsonWebKey); - - JwtClaims claims = new JwtClaims(); - claims.setIssuer("joe"); - claims.setExpiryTime(1300819380L); - claims.setClaim("http://example.com/is_root", Boolean.TRUE); - - JwtToken token = new JwtToken(headers, claims); - JwsCompactProducer jws = new JwsJwtCompactProducer(token, getWriter()); - jws.signWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY, Algorithm.HmacSHA256.getJwtName())); - - assertEquals(ENCODED_TOKEN_WITH_JSON_KEY_SIGNED_BY_MAC, jws.getSignedEncodedJws()); - } - - @Test - public void testReadJwsWithJwkSignedByMac() throws Exception { - JwsJwtCompactConsumer jws = new JwsJwtCompactConsumer(ENCODED_TOKEN_WITH_JSON_KEY_SIGNED_BY_MAC); - assertTrue(jws.verifySignatureWith(new 
HmacJwsSignatureVerifier(ENCODED_MAC_KEY))); - JwtToken token = jws.getJwtToken(); - JwtHeaders headers = token.getHeaders(); - assertEquals(JoseConstants.TYPE_JWT, headers.getType()); - assertEquals(Algorithm.HmacSHA256.getJwtName(), headers.getAlgorithm()); - - JsonWebKey key = headers.getJsonWebKey(); - assertEquals(JsonWebKey.KEY_TYPE_OCTET, key.getKeyType()); - List keyOps = key.getKeyOperation(); - assertEquals(2, keyOps.size()); - assertEquals(JsonWebKey.KEY_OPER_SIGN, keyOps.get(0)); - assertEquals(JsonWebKey.KEY_OPER_VERIFY, keyOps.get(1)); - - validateSpecClaim(token.getClaims()); - } - - private void validateSpecClaim(JwtClaims claims) { - assertEquals("joe", claims.getIssuer()); - assertEquals(Long.valueOf(1300819380), claims.getExpiryTime()); - assertEquals(Boolean.TRUE, claims.getClaim("http://example.com/is_root")); - } - - @Test - public void testWriteJwsSignedByPrivateKey() throws Exception { - JwtHeaders headers = new JwtHeaders(); - headers.setAlgorithm(Algorithm.SHA256withRSA.getJwtName()); - JwsCompactProducer jws = initSpecJwtTokenWriter(headers); - PrivateKey key = CryptoUtils.getRSAPrivateKey(RSA_MODULUS_ENCODED, RSA_PRIVATE_EXPONENT_ENCODED); - jws.signWith(new PrivateKeyJwsSignatureProvider(key, Algorithm.SHA256withRSA.getJwtName())); - - assertEquals(ENCODED_TOKEN_SIGNED_BY_PRIVATE_KEY, jws.getSignedEncodedJws()); - } - - @Test - public void testWriteReadJwsSignedByESPrivateKey() throws Exception { - JwtHeaders headers = new JwtHeaders(); - headers.setAlgorithm(Algorithm.SHA256withECDSA.getJwtName()); - JwsCompactProducer jws = initSpecJwtTokenWriter(headers); - ECPrivateKey privateKey = CryptoUtils.getECPrivateKey(JsonWebKey.EC_CURVE_P256, - EC_PRIVATE_KEY_ENCODED); - jws.signWith(new EcDsaJwsSignatureProvider(privateKey, Algorithm.SHA256withECDSA.getJwtName())); - String signedJws = jws.getSignedEncodedJws(); - - ECPublicKey publicKey = CryptoUtils.getECPublicKey(JsonWebKey.EC_CURVE_P256, - EC_X_POINT_ENCODED, - EC_Y_POINT_ENCODED); - 
JwsJwtCompactConsumer jwsConsumer = new JwsJwtCompactConsumer(signedJws); - assertTrue(jwsConsumer.verifySignatureWith(new EcDsaJwsSignatureVerifier(publicKey))); - JwtToken token = jwsConsumer.getJwtToken(); - JwtHeaders headersReceived = token.getHeaders(); - assertEquals(Algorithm.SHA256withECDSA.getJwtName(), headersReceived.getAlgorithm()); - validateSpecClaim(token.getClaims()); - } - - @Test - public void testReadJwsSignedByPrivateKey() throws Exception { - JwsJwtCompactConsumer jws = new JwsJwtCompactConsumer(ENCODED_TOKEN_SIGNED_BY_PRIVATE_KEY); - RSAPublicKey key = CryptoUtils.getRSAPublicKey(RSA_MODULUS_ENCODED, RSA_PUBLIC_EXPONENT_ENCODED); - assertTrue(jws.verifySignatureWith(new PublicKeyJwsSignatureVerifier(key))); - JwtToken token = jws.getJwtToken(); - JwtHeaders headers = token.getHeaders(); - assertEquals(Algorithm.SHA256withRSA.getJwtName(), headers.getAlgorithm()); - validateSpecClaim(token.getClaims()); - } - - private JwsCompactProducer initSpecJwtTokenWriter(JwtHeaders headers) throws Exception { - - JwtClaims claims = new JwtClaims(); - claims.setIssuer("joe"); - claims.setExpiryTime(1300819380L); - claims.setClaim("http://example.com/is_root", Boolean.TRUE); - - JwtToken token = new JwtToken(headers, claims); - return new JwsJwtCompactProducer(token, getWriter()); - } - - - private JwtTokenWriter getWriter() { - JwtTokenReaderWriter jsonWriter = new JwtTokenReaderWriter(); - jsonWriter.setFormat(true); - return jsonWriter; - } -} http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jwt/grant/JwtUserSubjectTest.java ---------------------------------------------------------------------- 
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jwt/grant/JwtUserSubjectTest.java b/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jwt/grant/JwtUserSubjectTest.java
new file mode 100644
index 0000000..1be0216
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jwt/grant/JwtUserSubjectTest.java
@@ -0,0 +1,32 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.jwt.grant;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+public class JwtUserSubjectTest extends Assert {
+
+ @Test
+ public void testJwtUserSubject() {
+ // to be expanded
+ assertNotNull(new JwtUserSubject("user", null));
+ }
+
+}
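Review bot: The assertion in `testJwtUserSubject` can never fail, because a `new` expression either yields a non-null reference or throws, so `assertNotNull(new JwtUserSubject("user", null))` only shows that the constructor tolerates a null second argument. The class name suggests it derives a user identity from JWT claims, so the test should pass a populated claims object and assert on what the resulting subject exposes, not on the reference itself. If a null claims argument is meant to be supported, say so next to the call, for example `// null claims are allowed: the subject carries only the login name`, and otherwise assert that it is rejected. `JwtUserSubject` is not visible in this part of the commit, so the accessors to assert on have to be taken from the class.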