cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject cxf git commit: [CXF-6085] Adding a multiple recipients test
Date Fri, 13 Feb 2015 17:48:05 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 0d3d0bd91 -> 741ebc5d3


[CXF-6085] Adding a multiple recipients test


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/741ebc5d
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/741ebc5d
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/741ebc5d

Branch: refs/heads/master
Commit: 741ebc5d360db7b850401a4798f79a3996301885
Parents: 0d3d0bd
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Fri Feb 13 17:47:50 2015 +0000
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Fri Feb 13 17:47:50 2015 +0000

----------------------------------------------------------------------
 .../rs/security/jose/jwe/JweJsonProducer.java   | 15 ++---
 .../security/jose/jwe/JweJsonProducerTest.java  | 71 ++++++++++++++++++--
 2 files changed, 71 insertions(+), 15 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/741ebc5d/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducer.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducer.java
index 4586a0f..3dcd1e7 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducer.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducer.java
@@ -19,7 +19,6 @@
 package org.apache.cxf.rs.security.jose.jwe;
 
 import java.util.ArrayList;
-import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashSet;
 import java.util.LinkedHashMap;
@@ -109,28 +108,22 @@ public class JweJsonProducer {
             jsonHeaders.setProtectedHeaders(protectedHeader);
             
             JweEncryptionInput input = createEncryptionInput(jsonHeaders);
-                
+            if (i > 0) {    
+                input.setContent(null);
+            }
             JweEncryptionOutput state = encryptor.getEncryptionOutput(input);
-            
             byte[] currentCipherText = state.getEncryptedContent();
             byte[] currentAuthTag = state.getAuthTag();
             byte[] currentIv = state.getIv();
             if (cipherText == null) {
                 cipherText = currentCipherText;
-            } else if (!Arrays.equals(cipherText, currentCipherText)) {
-                throw new SecurityException();
             }
             if (authTag == null) {
                 authTag = currentAuthTag;
-            } else if (!Arrays.equals(authTag, currentAuthTag)) {
-                throw new SecurityException();
             }
             if (iv == null) {
                 iv = currentIv;
-            } else if (!Arrays.equals(iv, currentIv)) {
-                throw new SecurityException();
-            }
-            
+            } 
             
             byte[] encryptedCek = state.getContentEncryptionKey(); 
             if (encryptedCek == null && encryptor.getKeyAlgorithm() != null) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/741ebc5d/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java
b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java
index cb18edc..0d85d24 100644
--- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java
+++ b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java
@@ -19,6 +19,8 @@
 package org.apache.cxf.rs.security.jose.jwe;
 
 import java.security.Security;
+import java.util.LinkedList;
+import java.util.List;
 
 import javax.crypto.Cipher;
 import javax.crypto.SecretKey;
@@ -36,7 +38,8 @@ import org.junit.BeforeClass;
 import org.junit.Test;
 
 public class JweJsonProducerTest extends Assert {
-    private static final byte[] WRAPPER_BYTES = {91, 96, 105, 38, 99, 108, 110, 8, -93, 50,
-15, 62, 0, -115, 73, -39};
+    private static final byte[] WRAPPER_BYTES1 = {91, 96, 105, 38, 99, 108, 110, 8, -93,
50, -15, 62, 0, -115, 73, -39};
+    private static final byte[] WRAPPER_BYTES2 = {-39, 96, 105, 38, 99, 108, 110, 8, -93,
50, -15, 62, 0, -115, 73, 91};
     private static final byte[] CEK_BYTES = {-43, 123, 77, 115, 40, 49, -4, -9, -48, -74,
62, 59, 60, 102, -22, -100};
     private static final String SINGLE_RECIPIENT_OUTPUT = 
         "{" 
@@ -75,6 +78,26 @@ public class JweJsonProducerTest extends Assert {
         + "\"ciphertext\":\"KTuJBMk9QG59xPB-c_YLM5-J7VG40_eMPvyHDD7eB-WHj_34YiWgpBOydTBm4RW0zUCJZ09xqorhWJME-DcQ\","
         + "\"tag\":\"oVUQGS9608D-INq61-vOaA\""
         + "}";
+    private static final String MULTIPLE_RECIPIENTS_OUTPUT = 
+        "{" 
+        + "\"protected\":\"eyJlbmMiOiJBMTI4R0NNIn0\","
+        + "\"unprotected\":{\"jku\":\"https://server.example.com/keys.jwks\",\"alg\":\"A128KW\"},"
   
+        + "\"recipients\":" 
+        + "["
+        + "{"
+        + "\"encrypted_key\":\"b3-M9_CRgT3wEBhhXlpb-BoY7vtA4W_N\""
+        + "},"
+        + "{"
+        + "\"encrypted_key\":\"6a_nnEYO45qB_Vp6N2QbFQ7Cv1uecbiE\""
+        + "}"
+        + "],"
+        + "\"aad\":\"WyJ2Y2FyZCIsW1sidmVyc2lvbiIse30sInRleHQiLCI0LjAiXSxbImZuIix7fSwidGV4dCIsIk1lcmlhZG9jIEJyYW5keWJ1Y"
+                    + "2siXSxbIm4iLHt9LCJ0ZXh0IixbIkJyYW5keWJ1Y2siLCJNZXJpYWRvYyIsIk1yLiIsIiJdXSxbImJkYXkiLHt9LCJ0ZXh0"
+                    + "IiwiVEEgMjk4MiJdLFsiZ2VuZGVyIix7fSwidGV4dCIsIk0iXV1d\","
+        + "\"iv\":\"48V1_ALb6US04U3b\","
+        + "\"ciphertext\":\"KTuJBMk9QG59xPB-c_YLM5-J7VG40_eMPvyHDD7eB-WHj_34YiWgpBOydTBm4RW0zUCJZ09xqorhWJME-DcQ\","
+        + "\"tag\":\"oVUQGS9608D-INq61-vOaA\""
+        + "}";
     private static final String EXTRA_AAD_SOURCE = 
         "[\"vcard\",["
         + "[\"version\",{},\"text\",\"4.0\"],"
@@ -112,14 +135,14 @@ public class JweJsonProducerTest extends Assert {
     public void testSingleRecipientGcm() throws Exception {
         final String text = "The true sign of intelligence is not knowledge but imagination.";
         doTestSingleRecipient(text, SINGLE_RECIPIENT_OUTPUT, JoseConstants.A128GCM_ALGO,

-                              WRAPPER_BYTES, JweCompactReaderWriterTest.INIT_VECTOR_A1, 
+                              WRAPPER_BYTES1, JweCompactReaderWriterTest.INIT_VECTOR_A1,

                               CEK_BYTES, false);
     }
     @Test
     public void testSingleRecipientFlatGcm() throws Exception {
         final String text = "The true sign of intelligence is not knowledge but imagination.";
         doTestSingleRecipient(text, SINGLE_RECIPIENT_FLAT_OUTPUT, JoseConstants.A128GCM_ALGO,

-                              WRAPPER_BYTES, JweCompactReaderWriterTest.INIT_VECTOR_A1, 
+                              WRAPPER_BYTES1, JweCompactReaderWriterTest.INIT_VECTOR_A1,

                               CEK_BYTES, true);
     }
     @Test
@@ -158,7 +181,7 @@ public class JweJsonProducerTest extends Assert {
     @Test
     public void testSingleRecipientAllTypeOfHeadersAndAad() {
         final String text = "The true sign of intelligence is not knowledge but imagination.";
-        SecretKey wrapperKey = CryptoUtils.createSecretKeySpec(WRAPPER_BYTES, "AES");
+        SecretKey wrapperKey = CryptoUtils.createSecretKeySpec(WRAPPER_BYTES1, "AES");
         
         JweHeaders protectedHeaders = new JweHeaders(JoseConstants.A128GCM_ALGO);
         JweHeaders sharedUnprotectedHeaders = new JweHeaders();
@@ -185,5 +208,45 @@ public class JweJsonProducerTest extends Assert {
         String jweJson = p.encryptWith(jwe, recepientUnprotectedHeaders);
         assertEquals(SINGLE_RECIPIENT_ALL_HEADERS_AAD_OUTPUT, jweJson);
     }
+    @Test
+    public void testMultipleRecipients() {
+        final String text = "The true sign of intelligence is not knowledge but imagination.";
+        SecretKey wrapperKey1 = CryptoUtils.createSecretKeySpec(WRAPPER_BYTES1, "AES");
+        SecretKey wrapperKey2 = CryptoUtils.createSecretKeySpec(WRAPPER_BYTES2, "AES");
+        
+        JweHeaders protectedHeaders = new JweHeaders(JoseConstants.A128GCM_ALGO);
+        JweHeaders sharedUnprotectedHeaders = new JweHeaders();
+        sharedUnprotectedHeaders.setJsonWebKeysUrl("https://server.example.com/keys.jwks");
+        sharedUnprotectedHeaders.setKeyEncryptionAlgorithm(JoseConstants.A128KW_ALGO);
+        
+        List<JweEncryptionProvider> jweList = new LinkedList<JweEncryptionProvider>();
+        
+        KeyEncryptionAlgorithm keyEncryption1 = 
+            JweUtils.getSecretKeyEncryptionAlgorithm(wrapperKey1, JoseConstants.A128KW_ALGO);
+        ContentEncryptionAlgorithm contentEncryption = 
+            JweUtils.getContentEncryptionAlgorithm(JoseConstants.A128GCM_ALGO);
+        JweEncryptionProvider jwe1 = new WrappedKeyJweEncryption(keyEncryption1, contentEncryption);
+        KeyEncryptionAlgorithm keyEncryption2 = 
+            JweUtils.getSecretKeyEncryptionAlgorithm(wrapperKey2, JoseConstants.A128KW_ALGO);
+        JweEncryptionProvider jwe2 = new WrappedKeyJweEncryption(keyEncryption2, contentEncryption);
+        jweList.add(jwe1);
+        jweList.add(jwe2);
+        
+        JweJsonProducer p = new JweJsonProducer(protectedHeaders,
+                                                sharedUnprotectedHeaders,
+                                                StringUtils.toBytesUTF8(text),
+                                                StringUtils.toBytesUTF8(EXTRA_AAD_SOURCE),
+                                                false) {
+            protected JweEncryptionInput createEncryptionInput(JweHeaders jsonHeaders) {
+                JweEncryptionInput input = super.createEncryptionInput(jsonHeaders);
+                input.setCek(CEK_BYTES);
+                input.setIv(JweCompactReaderWriterTest.INIT_VECTOR_A1);
+                return input;
+            }
+        };
+        
+        String jweJson = p.encryptWith(jweList);
+        assertEquals(MULTIPLE_RECIPIENTS_OUTPUT, jweJson);
+    }
 }
 


Mime
View raw message