cxf-commits mailing list archives

From serg...@apache.org
Subject git commit: [CXF-6053] Adding more JwsJson tests, slightly modifies patch from Daniel Torkian applied
Date Tue, 04 Nov 2014 10:45:49 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 2c62312b6 -> b6a5a8799


[CXF-6053] Adding more JwsJson tests, slightly modifies patch from Daniel Torkian applied


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/b6a5a879
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/b6a5a879
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/b6a5a879

Branch: refs/heads/master
Commit: b6a5a8799e1de06e47715e5a775556f6b8b750d5
Parents: 2c62312
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Tue Nov 4 10:45:29 2014 +0000
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Tue Nov 4 10:45:29 2014 +0000

----------------------------------------------------------------------
 .../jaxrs/AbstractJwsJsonReaderProvider.java    |  7 +++++
 .../jose/jaxrs/JwsJsonClientResponseFilter.java |  3 ++-
 .../jaxrs/JwsJsonContainerRequestFilter.java    |  4 ++-
 .../cxf/rs/security/jose/jws/JwsUtils.java      | 12 ++++++---
 .../jaxrs/security/jwt/JAXRSJwsJsonTest.java    | 27 +++++++++++++++++++-
 .../jaxrs/security/jwt/serverJwsJson.xml        | 13 ++++++++++
 .../jaxrs/security/certs/jwkPrivateSet.txt      |  5 ++++
 7 files changed, 64 insertions(+), 7 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/b6a5a879/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsJsonReaderProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsJsonReaderProvider.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsJsonReaderProvider.java
index 7272df9..17f31b5 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsJsonReaderProvider.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsJsonReaderProvider.java
@@ -36,6 +36,7 @@ public class AbstractJwsJsonReaderProvider {
     
     private List<JwsSignatureVerifier> sigVerifiers;
     private String defaultMediaType;
+    private boolean strictVerification;
     
     public void setSignatureVerifier(JwsSignatureVerifier signatureVerifier) {
         setSignatureVerifiers(Collections.singletonList(signatureVerifier));
@@ -75,5 +76,11 @@ public class AbstractJwsJsonReaderProvider {
     public void setDefaultMediaType(String defaultMediaType) {
         this.defaultMediaType = defaultMediaType;
     }
+    public boolean isStrictVerification() {
+        return strictVerification;
+    }
+    public void setStrictVerification(boolean strictVerification) {
+        this.strictVerification = strictVerification;
+    }
     
 }
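Review bot: The new `strictVerification` property is added without any Javadoc, and as a plain `boolean` field it defaults to `false`, so the signature-count check that the two filters in this commit hang off it is disabled unless a deployment sets it explicitly. A comment on the setter such as `/** When true, a JWS JSON message is rejected unless its number of signature entries equals the number of configured verifiers; default is false. */` would make that default visible to whoever configures the provider. The class body starts outside this hunk.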

http://git-wip-us.apache.org/repos/asf/cxf/blob/b6a5a879/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJsonClientResponseFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJsonClientResponseFilter.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJsonClientResponseFilter.java
index 273aba1..ecd0912 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJsonClientResponseFilter.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJsonClientResponseFilter.java
@@ -39,7 +39,8 @@ public class JwsJsonClientResponseFilter extends AbstractJwsJsonReaderProvider
i
     public void filter(ClientRequestContext req, ClientResponseContext res) throws IOException
{
         List<JwsSignatureVerifier> theSigVerifiers = getInitializedSigVerifiers();
         JwsJsonConsumer p = new JwsJsonConsumer(IOUtils.readStringFromStream(res.getEntityStream()));
-        if (!p.verifySignatureWith(theSigVerifiers)) {
+        if (isStrictVerification() && p.getSignatureEntries().size() != theSigVerifiers.size()
+            || !p.verifySignatureWith(theSigVerifiers)) {
             throw new SecurityException();
         }
         byte[] bytes = p.getDecodedJwsPayloadBytes();
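Review bot: The strict check added to `filter` compares only the number of signature entries with the number of verifiers, and the identical condition is repeated in `JwsJsonContainerRequestFilter`. Whether every entry is actually validated still depends on `verifySignatureWith`, which is not shown on this page, so with the flag off a message carrying more or fewer signatures than there are configured verifiers may presumably still be accepted. The mixed `&&`/`||` expression is correct by precedence but easy to misread in a security decision; I would parenthesise it as `if ((isStrictVerification() && p.getSignatureEntries().size() != theSigVerifiers.size()) || !p.verifySignatureWith(theSigVerifiers))` and move it into one protected helper on `AbstractJwsJsonReaderProvider` so the two filters cannot drift apart. The method body continues outside the hunk.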

http://git-wip-us.apache.org/repos/asf/cxf/blob/b6a5a879/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJsonContainerRequestFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJsonContainerRequestFilter.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJsonContainerRequestFilter.java
index 6b7ffdf..93cf0eb 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJsonContainerRequestFilter.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJsonContainerRequestFilter.java
@@ -42,7 +42,9 @@ public class JwsJsonContainerRequestFilter extends AbstractJwsJsonReaderProvider
         
         List<JwsSignatureVerifier> theSigVerifiers = getInitializedSigVerifiers();
         JwsJsonConsumer p = new JwsJsonConsumer(IOUtils.readStringFromStream(context.getEntityStream()));
-        if (!p.verifySignatureWith(theSigVerifiers)) {
+        
+        if (isStrictVerification() && p.getSignatureEntries().size() != theSigVerifiers.size()

+            || !p.verifySignatureWith(theSigVerifiers)) {
             context.abortWith(JAXRSUtils.toResponse(400));
             return;
         }

http://git-wip-us.apache.org/repos/asf/cxf/blob/b6a5a879/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
index 21cb1e1..93abfd5 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
@@ -94,8 +94,10 @@ public final class JwsUtils {
         String rsaSignatureAlgo = null;
         if (JwkUtils.JWK_KEY_STORE_TYPE.equals(props.get(KeyManagementUtils.RSSEC_KEY_STORE_TYPE)))
{
             JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, JsonWebKey.KEY_OPER_SIGN);
-            rsaSignatureAlgo = getSignatureAlgo(props, jwk.getAlgorithm());
-            theSigProvider = JwsUtils.getSignatureProvider(jwk, rsaSignatureAlgo);
+            if (jwk != null) {
+                rsaSignatureAlgo = getSignatureAlgo(props, jwk.getAlgorithm());
+                theSigProvider = JwsUtils.getSignatureProvider(jwk, rsaSignatureAlgo);
+            }
         } else {
             rsaSignatureAlgo = getSignatureAlgo(props, null);
             RSAPrivateKey pk = (RSAPrivateKey)KeyManagementUtils.loadPrivateKey(m, props,
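Review bot: With the new `if (jwk != null)` guard, a key set that yields no key for the requested operation leaves `theSigProvider` unassigned by this branch and the method carries on silently; the second hunk in this file does the same for `theVerifier`. The rest of both methods lies outside the hunks, so it is not visible whether a missing key ends in an exception or in a null provider or verifier handed back to the caller. For the verifier path in particular a missing key should fail closed rather than be skipped, so I would add an `else` branch that logs the missing key, or at minimum document the contract with `// jwk is null when the key set has no key for this operation; callers must treat a null verifier as a configuration error`.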

@@ -137,8 +139,10 @@ public final class JwsUtils {
         String rsaSignatureAlgo = null;
         if (JwkUtils.JWK_KEY_STORE_TYPE.equals(props.get(KeyManagementUtils.RSSEC_KEY_STORE_TYPE)))
{
             JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, JsonWebKey.KEY_OPER_VERIFY);
-            rsaSignatureAlgo = getSignatureAlgo(props, jwk.getAlgorithm());
-            theVerifier = JwsUtils.getSignatureVerifier(jwk, rsaSignatureAlgo);
+            if (jwk != null) {
+                rsaSignatureAlgo = getSignatureAlgo(props, jwk.getAlgorithm());
+                theVerifier = JwsUtils.getSignatureVerifier(jwk, rsaSignatureAlgo);
+            }
             
         } else {
             rsaSignatureAlgo = getSignatureAlgo(props, null);

http://git-wip-us.apache.org/repos/asf/cxf/blob/b6a5a879/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJwsJsonTest.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJwsJsonTest.java
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJwsJsonTest.java
index f515da1..cbd1b13 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJwsJsonTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJwsJsonTest.java
@@ -20,6 +20,7 @@
 package org.apache.cxf.systest.jaxrs.security.jwt;
 
 import java.net.URL;
+import java.util.ArrayList;
 import java.util.LinkedList;
 import java.util.List;
 
@@ -58,7 +59,31 @@ public class JAXRSJwsJsonTest extends AbstractBusClientServerTestBase {
         assertEquals("book", book.getName());
         assertEquals(123L, book.getId());
     }
-    private BookStore createBookStore(String address, String properties) throws Exception
{
+    
+    @Test
+    public void testJwsJsonBookDoubleHmac() throws Exception {
+        String address = "https://localhost:" + PORT + "/jwsjsonhmac2";
+        List<String> properties = new ArrayList<String>();
+        properties.add("org/apache/cxf/systest/jaxrs/security/secret.jwk.properties");
+        properties.add("org/apache/cxf/systest/jaxrs/security/secret.jwk.hmac.properties");
+        BookStore bs = createBookStore(address, properties);
+        Book book = bs.echoBook(new Book("book", 123L));
+        assertEquals("book", book.getName());
+        assertEquals(123L, book.getId());
+    }
+    
+    @Test
+    public void testJwsJsonBookDoubleHmacSinglePropsFile() throws Exception {
+        String address = "https://localhost:" + PORT + "/jwsjsonhmac2";
+        List<String> properties = new ArrayList<String>();
+        properties.add("org/apache/cxf/systest/jaxrs/security/secret.jwk.hmac2.properties");
+        BookStore bs = createBookStore(address, properties);
+        Book book = bs.echoBook(new Book("book", 123L));
+        assertEquals("book", book.getName());
+        assertEquals(123L, book.getId());
+    }
+       
+    private BookStore createBookStore(String address, Object properties) throws Exception
{
         JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
         SpringBusFactory bf = new SpringBusFactory();
         URL busFile = JAXRSJwsJsonTest.class.getResource("client.xml");
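Review bot: Both new tests cover only the accepting path, where the client's signing properties apparently match what the `/jwsjsonhmac2` endpoint is configured to verify. Nothing visible in this commit exercises the rejection that `strictVerification` introduces, for example a client signing with a single key against an endpoint that has two verifiers configured, so the new check has no regression test here. A negative test that expects the 400 produced by `JwsJsonContainerRequestFilter` would pin the behaviour down. Separately, widening `createBookStore` to `Object properties` gives up compile-time checking; two overloads taking `String` and `List<String>` would keep it. The body of `createBookStore` continues outside the hunk.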

http://git-wip-us.apache.org/repos/asf/cxf/blob/b6a5a879/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/serverJwsJson.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/serverJwsJson.xml
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/serverJwsJson.xml
index 2e3911d..a5e3608 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/serverJwsJson.xml
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/serverJwsJson.xml
@@ -58,5 +58,18 @@ under the License.
             <entry key="rs.security.signature.list.properties" value="org/apache/cxf/systest/jaxrs/security/secret.jwk.properties"/>
         </jaxrs:properties>
     </jaxrs:server>
+    <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-jws-json}/jwsjsonhmac2">
+        <jaxrs:serviceBeans>
+            <ref bean="serviceBean"/>
+        </jaxrs:serviceBeans>
+        <jaxrs:providers>
+            <ref bean="jwsInFilter"/>
+            <ref bean="jwsOutFilter"/>
+        </jaxrs:providers>
+        <jaxrs:properties>
+            <entry key="rs.security.signature.list.properties" 
+            value="org/apache/cxf/systest/jaxrs/security/secret.jwk.properties,org/apache/cxf/systest/jaxrs/security/secret.jwk.hmac.properties"/>
+        </jaxrs:properties>
+    </jaxrs:server>
     
 </beans>

http://git-wip-us.apache.org/repos/asf/cxf/blob/b6a5a879/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt
b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt
index 3aab043..0dde577 100644
--- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt
@@ -16,6 +16,11 @@
           "k":"AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow",
           "kid":"HMACKey"},
           
+          {"kty":"oct",
+           "alg":"HS512",
+           "k":"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",
+           "kid":"HMAC512Key"},
+          
           {"kty":"EC",
           "crv":"P-256",
           "x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4",

