cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject cxf git commit: [CXF-6085] Adding basic JwsJsonProducer tests
Date Thu, 12 Feb 2015 12:58:24 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 74bff9b1d -> d3c194bd0


[CXF-6085] Adding basic JwsJsonProducer tests


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/d3c194bd
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/d3c194bd
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/d3c194bd

Branch: refs/heads/master
Commit: d3c194bd02d0198433615d94af114edbafdbe527
Parents: 74bff9b
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Thu Feb 12 12:58:07 2015 +0000
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Thu Feb 12 12:58:07 2015 +0000

----------------------------------------------------------------------
 .../cxf/rs/security/jose/JoseHeaders.java       |   8 ++
 .../rs/security/jose/jwe/JweJsonProducer.java   |  42 ++++++--
 .../jose/jwe/JweCompactReaderWriterTest.java    |   4 +-
 .../security/jose/jwe/JweJsonProducerTest.java  | 107 +++++++++++++++++--
 4 files changed, 141 insertions(+), 20 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/d3c194bd/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseHeaders.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseHeaders.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseHeaders.java
index 819e408..a73e7b0 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseHeaders.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseHeaders.java
@@ -118,6 +118,14 @@ public class JoseHeaders extends JsonMapObject {
         setHeader(headerName, key);
     }
     
+    public void setJsonWebKeysUrl(String url) {
+        setHeader(JoseConstants.HEADER_JSON_WEB_KEY_SET, url);
+    }
+    
+    public String getJsonWebKeysUrl() {
+        return (String)getHeader(JoseConstants.HEADER_JSON_WEB_KEY_SET);
+    }
+    
     public JsonWebKey getJsonWebKey() {
         return getJsonWebKey(JoseConstants.HEADER_JSON_WEB_KEY);
     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/d3c194bd/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducer.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducer.java
index ede3a0a..7dc3357 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducer.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducer.java
@@ -37,17 +37,25 @@ public class JweJsonProducer {
     private JweHeaders unprotectedHeader;
     private byte[] content;
     private byte[] aad;
+    private boolean canBeFlat;
     public JweJsonProducer(JweHeaders protectedHeader, byte[] content) {
-        this.protectedHeader = protectedHeader;
-        this.content = content;    
+        this(protectedHeader, content, false);    
+    }
+    public JweJsonProducer(JweHeaders protectedHeader, byte[] content, boolean canBeFlat)
{
+        this(protectedHeader, content, null, canBeFlat);
     }
-    public JweJsonProducer(JweHeaders protectedHeader, byte[] content, byte[] aad) {
-        this(protectedHeader, content);
+    public JweJsonProducer(JweHeaders protectedHeader, byte[] content, byte[] aad, boolean
canBeFlat) {
+        this.protectedHeader = protectedHeader;
+        this.content = content;
         this.aad = aad;
+        this.canBeFlat = canBeFlat;
     }
-    public JweJsonProducer(JweHeaders protectedHeader, JweHeaders unprotectedHeader, 
-                           byte[] content, byte[] aad) {
-        this(protectedHeader, content, aad);
+    public JweJsonProducer(JweHeaders protectedHeader, 
+                           JweHeaders unprotectedHeader, 
+                           byte[] content, 
+                           byte[] aad,
+                           boolean canBeFlat) {
+        this(protectedHeader, content, aad, canBeFlat);
         this.unprotectedHeader = unprotectedHeader;
     }
     public String encryptWith(JweEncryptionProvider encryptor) {
@@ -68,8 +76,8 @@ public class JweJsonProducer {
             throw new IllegalArgumentException();
         }
         //TODO: determine the actual cek and iv length based on the algo
-        byte[] cek = CryptoUtils.generateSecureRandomBytes(32);
-        byte[] iv = CryptoUtils.generateSecureRandomBytes(16);
+        byte[] cek = generateCek();
+        byte[] iv = generateIv();
         JweHeaders unionHeaders = new JweHeaders();
         if (protectedHeader != null) {
             unionHeaders.asMap().putAll(protectedHeader.asMap());
@@ -153,7 +161,15 @@ public class JweJsonProducer {
                 throw new SecurityException(ex);
             }
         }
-        jweJsonMap.put("recipients", entries);
+        if (entries.size() == 1 && canBeFlat) {
+            JweHeaders unprotectedEntryHeader = entries.get(0).getUnprotectedHeader();
+            if (unprotectedEntryHeader != null) {
+                jweJsonMap.put("header", unprotectedEntryHeader);
+            }
+            jweJsonMap.put("encrypted_key", entries.get(0).getEncodedEncryptedKey());
+        } else {
+            jweJsonMap.put("recipients", entries);
+        }
         if (aad != null) {
             jweJsonMap.put("aad", Base64UrlUtility.encode(aad));
         }
@@ -162,6 +178,12 @@ public class JweJsonProducer {
         jweJsonMap.put("tag", Base64UrlUtility.encode(authTag));
         return writer.toJson(jweJsonMap);
     }
+    protected byte[] generateIv() {
+        return CryptoUtils.generateSecureRandomBytes(16);
+    }
+    protected byte[] generateCek() {
+        return CryptoUtils.generateSecureRandomBytes(32);
+    }
     private String checkAndGetContentAlgorithm(List<JweEncryptionProvider> encryptors)
{
         Set<String> set = new HashSet<String>();
         for (JweEncryptionProvider encryptor : encryptors) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/d3c194bd/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java
b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java
index c3f52f3..e48e423 100644
--- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java
+++ b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java
@@ -54,7 +54,7 @@ public class JweCompactReaderWriterTest extends Assert {
            + "tPs6mS6XrgxnxbWhojf663tuEQueGC-FCMfra36C9knDFGzKsNa7LZK2dj"
            + "YgyD3JR_MB_4NUJW_TqOQtwHYbxevoJArm-L5StowjzGy-_bq6Gw";
     static final String RSA_PUBLIC_EXPONENT_ENCODED_A1 = "AQAB";
-    private static final String RSA_PRIVATE_EXPONENT_ENCODED_A1 = 
+    static final String RSA_PRIVATE_EXPONENT_ENCODED_A1 = 
         "kLdtIj6GbDks_ApCSTYQtelcNttlKiOyPzMrXHeI-yk1F7-kpDxY4-WY5N"
         + "WV5KntaEeXS1j82E375xxhWMHXyvjYecPT9fpwR_M9gV8n9Hrh2anTpTD9"
         + "3Dt62ypW3yDsJzBnTnrYu1iwWRgBKrEYY46qAZIrA2xAwnm2X7uGR1hghk"
@@ -62,7 +62,7 @@ public class JweCompactReaderWriterTest extends Assert {
         + "t3UVe4WO3JkJOzlpUf-KTVI2Ptgm-dARxTEtE-id-4OJr0h-K-VFs3VSnd"
         + "VTIznSxfyrj8ILL6MG_Uv8YAu7VILSB3lOW085-4qE3DzgrTjgyQ";
     
-    private static final byte[] INIT_VECTOR_A1 = {(byte)227, (byte)197, 117, (byte)252, 2,
(byte)219, 
+    static final byte[] INIT_VECTOR_A1 = {(byte)227, (byte)197, 117, (byte)252, 2, (byte)219,

         (byte)233, 68, (byte)180, (byte)225, 77, (byte)219};
     
     // A3 example

http://git-wip-us.apache.org/repos/asf/cxf/blob/d3c194bd/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java
b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java
index 166c326..9fb7b3f 100644
--- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java
+++ b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java
@@ -19,9 +19,9 @@
 package org.apache.cxf.rs.security.jose.jwe;
 
 import java.security.Security;
-import java.security.interfaces.RSAPublicKey;
 
 import javax.crypto.Cipher;
+import javax.crypto.SecretKey;
 
 import org.apache.cxf.common.util.StringUtils;
 import org.apache.cxf.common.util.crypto.CryptoUtils;
@@ -35,6 +35,53 @@ import org.junit.BeforeClass;
 import org.junit.Test;
 
 public class JweJsonProducerTest extends Assert {
+    private static final byte[] SECRET_BYTES = {91, 96, 105, 38, 99, 108, 110, 8, -93, 50,
-15, 62, 0, -115, 73, -39};
+    private static final String SINGLE_RECIPIENT_OUTPUT = 
+        "{" 
+        + "\"protected\":\"eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4R0NNIn0\","
+        + "\"recipients\":" 
+        + "["
+        + "{\"encrypted_key\":\"fO3KxJioD3Hj1V5E1pjWNNt-3vNl23oc2xgVI1Zu-82fsZ83hQLXrg\"}"
+        + "],"
+        + "\"iv\":\"48V1_ALb6US04U3b\","
+        + "\"ciphertext\":\"5eym8TW_c8SuK0ltJ3rpYIzOeDQz7TALvtu6UG9oMo4vpzs9tX_EFShS8iB7j6jiSdiwkIr3ajwQzaBtQD_A\","
+        + "\"tag\":\"5UuOareuoUxY2iCS50WJgg\""
+        + "}";
+    private static final String SINGLE_RECIPIENT_FLAT_OUTPUT = 
+        "{" 
+        + "\"protected\":\"eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4R0NNIn0\","
+        + "\"encrypted_key\":\"fO3KxJioD3Hj1V5E1pjWNNt-3vNl23oc2xgVI1Zu-82fsZ83hQLXrg\","
+        + "\"iv\":\"48V1_ALb6US04U3b\","
+        + "\"ciphertext\":\"5eym8TW_c8SuK0ltJ3rpYIzOeDQz7TALvtu6UG9oMo4vpzs9tX_EFShS8iB7j6jiSdiwkIr3ajwQzaBtQD_A\","
+        + "\"tag\":\"5UuOareuoUxY2iCS50WJgg\""
+        + "}";
+    private static final String SINGLE_RECIPIENT_ALL_HEADERS_AAD_OUTPUT = 
+        "{" 
+        + "\"protected\":\"eyJlbmMiOiJBMTI4R0NNIn0\","
+        + "\"unprotected\":{\"jku\":\"https://server.example.com/keys.jwks\"},"    
+        + "\"recipients\":" 
+        + "["
+        + "{"
+        + "\"header\":{\"alg\":\"A128KW\"},"
+        + "\"encrypted_key\":\"fO3KxJioD3Hj1V5E1pjWNNt-3vNl23oc2xgVI1Zu-82fsZ83hQLXrg\""
+        + "}"
+        + "],"
+        + "\"aad\":\"WyJ2Y2FyZCIsW1sidmVyc2lvbiIse30sInRleHQiLCI0LjAiXSxbImZuIix7fSwidGV4dCIsIk1lcmlhZG9jIEJyYW5keWJ1Y"
+                    + "2siXSxbIm4iLHt9LCJ0ZXh0IixbIkJyYW5keWJ1Y2siLCJNZXJpYWRvYyIsIk1yLiIsIiJdXSxbImJkYXkiLHt9LCJ0ZXh0"
+                    + "IiwiVEEgMjk4MiJdLFsiZ2VuZGVyIix7fSwidGV4dCIsIk0iXV1d\","
+        + "\"iv\":\"48V1_ALb6US04U3b\","
+        + "\"ciphertext\":\"5eym8TW_c8SuK0ltJ3rpYIzOeDQz7TALvtu6UG9oMo4vpzs9tX_EFShS8iB7j6jiSdiwkIr3ajwQzaBtQD_A\","
+        + "\"tag\":\"4UXkQQGddmRB_df95kvhzA\""
+        + "}";
+    private static final String EXTRA_AAD_SOURCE = 
+        "[\"vcard\",["
+        + "[\"version\",{},\"text\",\"4.0\"],"
+        + "[\"fn\",{},\"text\",\"Meriadoc Brandybuck\"],"
+        + "[\"n\",{},\"text\",[\"Brandybuck\",\"Meriadoc\",\"Mr.\",\"\"]],"
+        + "[\"bday\",{},\"text\",\"TA 2982\"],"
+        + "[\"gender\",{},\"text\",\"M\"]"
+        + "]]";
+    
     @BeforeClass
     public static void registerBouncyCastleIfNeeded() throws Exception {
         try {
@@ -51,16 +98,60 @@ public class JweJsonProducerTest extends Assert {
     
     @Test
     public void testSingleRecipient() throws Exception {
+        doTestSingleRecipientFlat(SINGLE_RECIPIENT_OUTPUT, false);
+        
+    }
+    @Test
+    public void testSingleRecipientFlat() throws Exception {
+        doTestSingleRecipientFlat(SINGLE_RECIPIENT_FLAT_OUTPUT, true);
+    }
+    
+    private void doTestSingleRecipientFlat(String expectedOutput, boolean canBeFlat) throws
Exception {
         final String text = "The true sign of intelligence is not knowledge but imagination.";
-        RSAPublicKey publicKey = CryptoUtils.getRSAPublicKey(JweCompactReaderWriterTest.RSA_MODULUS_ENCODED_A1,

-                                                             JweCompactReaderWriterTest.RSA_PUBLIC_EXPONENT_ENCODED_A1);
-        JweHeaders headers = new JweHeaders(Algorithm.RSA_OAEP.getJwtName(),
+        SecretKey wrapperKey = CryptoUtils.createSecretKeySpec(SECRET_BYTES, "AES");
+        JweHeaders headers = new JweHeaders(JoseConstants.A128KW_ALGO,
                                             JoseConstants.A128GCM_ALGO);
-        JweEncryptionProvider jwe = JweUtils.createJweEncryptionProvider(publicKey, headers);
-        JweJsonProducer p = new JweJsonProducer(headers, StringUtils.toBytesUTF8(text));
-        String jweJws = p.encryptWith(jwe);
-        assertNotNull(jweJws);
+        JweEncryptionProvider jwe = JweUtils.createJweEncryptionProvider(wrapperKey, headers);
+        JweJsonProducer p = new JweJsonProducer(headers, StringUtils.toBytesUTF8(text), canBeFlat)
{
+            protected byte[] generateIv() {
+                return JweCompactReaderWriterTest.INIT_VECTOR_A1;
+            }
+            protected byte[] generateCek() {
+                return JweCompactReaderWriterTest.CONTENT_ENCRYPTION_KEY_A1;
+            }    
+        };
+        String jweJson = p.encryptWith(jwe);
+        assertEquals(expectedOutput, jweJson);
+    }
+    @Test
+    public void testSingleRecipientAllTypeOfHeadersAndAad() {
+        final String text = "The true sign of intelligence is not knowledge but imagination.";
+        SecretKey wrapperKey = CryptoUtils.createSecretKeySpec(SECRET_BYTES, "AES");
+        
+        JweHeaders protectedHeaders = new JweHeaders(JoseConstants.A128GCM_ALGO);
+        JweHeaders sharedUnprotectedHeaders = new JweHeaders();
+        sharedUnprotectedHeaders.setJsonWebKeysUrl("https://server.example.com/keys.jwks");
         
+        JweEncryptionProvider jwe = JweUtils.createJweEncryptionProvider(wrapperKey, 
+                                                                         JoseConstants.A128KW_ALGO,
+                                                                         JoseConstants.A128GCM_ALGO,
+                                                                         null);
+        JweJsonProducer p = new JweJsonProducer(protectedHeaders,
+                                                sharedUnprotectedHeaders,
+                                                StringUtils.toBytesUTF8(text),
+                                                StringUtils.toBytesUTF8(EXTRA_AAD_SOURCE),
+                                                false) {
+            protected byte[] generateIv() {
+                return JweCompactReaderWriterTest.INIT_VECTOR_A1;
+            }
+            protected byte[] generateCek() {
+                return JweCompactReaderWriterTest.CONTENT_ENCRYPTION_KEY_A1;
+            }    
+        };
+        JweHeaders recepientUnprotectedHeaders = new JweHeaders();
+        recepientUnprotectedHeaders.setKeyEncryptionAlgorithm(JoseConstants.A128KW_ALGO);
+        String jweJson = p.encryptWith(jwe, recepientUnprotectedHeaders);
+        assertEquals(SINGLE_RECIPIENT_ALL_HEADERS_AAD_OUTPUT, jweJson);
     }
 }
 


Mime
View raw message