Return-Path: X-Original-To: apmail-cxf-commits-archive@www.apache.org Delivered-To: apmail-cxf-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 04862175CC for ; Tue, 17 Feb 2015 17:43:10 +0000 (UTC) Received: (qmail 33803 invoked by uid 500); 17 Feb 2015 17:43:00 -0000 Delivered-To: apmail-cxf-commits-archive@cxf.apache.org Received: (qmail 33741 invoked by uid 500); 17 Feb 2015 17:43:00 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 33732 invoked by uid 99); 17 Feb 2015 17:43:00 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 17 Feb 2015 17:43:00 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id 3B3D5E03E8; Tue, 17 Feb 2015 17:43:00 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: sergeyb@apache.org To: commits@cxf.apache.org Message-Id: X-Mailer: ASF-Git Admin Mailer Subject: cxf git commit: [CXF-6085] Prototyping JwsJsonConsumer Date: Tue, 17 Feb 2015 17:43:00 +0000 (UTC) Repository: cxf Updated Branches: refs/heads/master 6991bdb7f -> 5ca457f15 [CXF-6085] Prototyping JwsJsonConsumer Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/5ca457f1 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/5ca457f1 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/5ca457f1 Branch: refs/heads/master Commit: 5ca457f153fc1e461d6d224f9bd27ef9a0874596 Parents: 6991bdb Author: Sergey Beryozkin Authored: Tue Feb 17 17:42:36 2015 +0000 Committer: Sergey Beryozkin Committed: Tue Feb 17 17:42:36 2015 +0000 ---------------------------------------------------------------------- .../json/JsonMapObjectReaderWriter.java | 6 +- .../rs/security/jose/jwe/JweJsonConsumer.java | 181 +++++++++++++++++++ .../jose/jwe/JweJsonEncryptionEntry.java | 4 + .../cxf/rs/security/jose/jwe/JweUtils.java | 20 +- .../security/jose/jwe/JweJsonConsumerTest.java | 162 +++++++++++++++++ .../security/jose/jwe/JweJsonProducerTest.java | 28 ++- 6 files changed, 382 insertions(+), 19 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/5ca457f1/rt/rs/extensions/providers/src/main/java/org/apache/cxf/jaxrs/provider/json/JsonMapObjectReaderWriter.java ---------------------------------------------------------------------- diff --git a/rt/rs/extensions/providers/src/main/java/org/apache/cxf/jaxrs/provider/json/JsonMapObjectReaderWriter.java b/rt/rs/extensions/providers/src/main/java/org/apache/cxf/jaxrs/provider/json/JsonMapObjectReaderWriter.java index dac1459..20e0777 100644 --- a/rt/rs/extensions/providers/src/main/java/org/apache/cxf/jaxrs/provider/json/JsonMapObjectReaderWriter.java +++ b/rt/rs/extensions/providers/src/main/java/org/apache/cxf/jaxrs/provider/json/JsonMapObjectReaderWriter.java @@ -115,7 +115,11 @@ public class JsonMapObjectReaderWriter { out.append("\r\n "); } } - + public JsonMapObject fromJsonToJsonObject(String json) { + JsonMapObject obj = new JsonMapObject(); + fromJson(obj, json); + return obj; + } public void fromJson(JsonMapObject obj, String json) { String theJson = json.trim(); JsonObjectSettable settable = new JsonObjectSettable(obj); http://git-wip-us.apache.org/repos/asf/cxf/blob/5ca457f1/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonConsumer.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonConsumer.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonConsumer.java new file mode 100644 index 0000000..23a014f --- /dev/null +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonConsumer.java @@ -0,0 +1,181 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.rs.security.jose.jwe; + +import java.io.UnsupportedEncodingException; +import java.util.Collections; +import java.util.LinkedHashMap; +import java.util.LinkedList; +import java.util.List; +import java.util.Map; + +import org.apache.cxf.helpers.CastUtils; +import org.apache.cxf.jaxrs.provider.json.JsonMapObjectReaderWriter; +import org.apache.cxf.rs.security.jose.JoseUtils; + +public class JweJsonConsumer { + private String protectedHeaderJson; + private JweHeaders protectedHeaderJwe; + private JweHeaders sharedUnprotectedHeader; + private List recipients = new LinkedList(); + private Map recipientsMap = + new LinkedHashMap(); + private byte[] aad; + private byte[] iv; + private byte[] cipherBytes; + private byte[] authTag; + + private JsonMapObjectReaderWriter reader = new JsonMapObjectReaderWriter(); + + public JweJsonConsumer(String payload) { + prepare(payload); + } + + public JweDecryptionOutput decryptWith(JweDecryptionProvider jwe) { + JweJsonEncryptionEntry entry = getJweDecryptionEntry(jwe); + return decryptWith(jwe, entry); + } + public JweDecryptionOutput decryptWith(JweDecryptionProvider jwe, JweJsonEncryptionEntry entry) { + JweDecryptionInput jweDecryptionInput = getJweDecryptionInput(jwe, entry); + byte[] content = jwe.decrypt(jweDecryptionInput); + return new JweDecryptionOutput(jweDecryptionInput.getJweHeaders(), content); + } + + private JweDecryptionInput getJweDecryptionInput(JweDecryptionProvider jwe, JweJsonEncryptionEntry entry) { + if (jwe == null || entry == null) { + throw new SecurityException(); + } + JweHeaders unionHeaders = recipientsMap.get(entry); + if (unionHeaders == null) { + throw new SecurityException(); + } + JweDecryptionInput input = new JweDecryptionInput(entry.getEncryptedKey(), + iv, + cipherBytes, + authTag, + aad, + protectedHeaderJson, + unionHeaders); + return input; + } + + private JweJsonEncryptionEntry getJweDecryptionEntry(JweDecryptionProvider jwe) { + for (Map.Entry entry : recipientsMap.entrySet()) { + String keyAlgo = entry.getValue().getKeyEncryptionAlgorithm(); + if (keyAlgo != null && keyAlgo.equals(jwe.getKeyAlgorithm()) + || keyAlgo == null && jwe.getKeyAlgorithm() == null) { + return entry.getKey(); + } + } + return null; + } + + private void prepare(String payload) { + Map jsonObjectMap = reader.fromJson(payload); + String encodedProtectedHeader = (String)jsonObjectMap.get("protected"); + if (encodedProtectedHeader != null) { + protectedHeaderJson = JoseUtils.decodeToString(encodedProtectedHeader); + protectedHeaderJwe = + new JweHeaders(reader.fromJson(protectedHeaderJson)); + } + Map unprotectedHeader = CastUtils.cast((Map)jsonObjectMap.get("unprotected")); + sharedUnprotectedHeader = unprotectedHeader == null ? null : new JweHeaders(unprotectedHeader); + List> encryptionArray = CastUtils.cast((List)jsonObjectMap.get("recipients")); + if (encryptionArray != null) { + if (jsonObjectMap.containsKey("encryption_key")) { + throw new SecurityException("Invalid JWE JSON sequence"); + } + for (Map encryptionEntry : encryptionArray) { + this.recipients.add(getEncryptionObject(encryptionEntry)); + } + } else { + this.recipients.add(getEncryptionObject(jsonObjectMap)); + } + aad = getDecodedBytes(jsonObjectMap, "aad"); + cipherBytes = getDecodedBytes(jsonObjectMap, "ciphertext"); + iv = getDecodedBytes(jsonObjectMap, "iv"); + authTag = getDecodedBytes(jsonObjectMap, "tag"); + } + protected JweJsonEncryptionEntry getEncryptionObject(Map encryptionEntry) { + Map header = CastUtils.cast((Map)encryptionEntry.get("header")); + JweHeaders recipientUnprotected = header == null ? null : new JweHeaders(header); + String encodedKey = (String)encryptionEntry.get("encrypted_key"); + JweJsonEncryptionEntry entry = new JweJsonEncryptionEntry(recipientUnprotected, encodedKey); + + JweHeaders unionHeaders = new JweHeaders(); + if (protectedHeaderJwe != null) { + unionHeaders.asMap().putAll(protectedHeaderJwe.asMap()); + unionHeaders.setProtectedHeaders(protectedHeaderJwe); + } + if (sharedUnprotectedHeader != null) { + if (!Collections.disjoint(unionHeaders.asMap().keySet(), + sharedUnprotectedHeader.asMap().keySet())) { + throw new SecurityException("Protected and unprotected headers have duplicate values"); + } + unionHeaders.asMap().putAll(sharedUnprotectedHeader.asMap()); + } + if (recipientUnprotected != null) { + if (!Collections.disjoint(unionHeaders.asMap().keySet(), + recipientUnprotected.asMap().keySet())) { + throw new SecurityException("Protected and unprotected headers have duplicate values"); + } + unionHeaders.asMap().putAll(recipientUnprotected.asMap()); + } + + recipientsMap.put(entry, unionHeaders); + return entry; + + } + protected byte[] getDecodedBytes(Map map, String name) { + String value = (String)map.get(name); + if (value != null) { + return JoseUtils.decode(value); + } + return null; + } + + public JweHeaders getProtectedHeader() { + return protectedHeaderJwe; + } + + public JweHeaders getSharedUnprotectedHeader() { + return sharedUnprotectedHeader; + } + + public byte[] getAad() { + return aad; + } + public String getAadText() { + if (aad == null) { + return null; + } + try { + return new String(aad, "UTF-8"); + } catch (UnsupportedEncodingException ex) { + throw new SecurityException(ex); + } + } + public List getRecipients() { + return recipients; + } + + public Map getRecipientsMap() { + return recipientsMap; + } +} http://git-wip-us.apache.org/repos/asf/cxf/blob/5ca457f1/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonEncryptionEntry.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonEncryptionEntry.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonEncryptionEntry.java index cdba53e..caa6d9f 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonEncryptionEntry.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonEncryptionEntry.java @@ -22,6 +22,7 @@ import java.util.LinkedHashMap; import java.util.Map; import org.apache.cxf.jaxrs.provider.json.JsonMapObjectReaderWriter; +import org.apache.cxf.rs.security.jose.JoseUtils; public class JweJsonEncryptionEntry { private JweHeaders unprotectedHeader; @@ -39,6 +40,9 @@ public class JweJsonEncryptionEntry { public String getEncodedEncryptedKey() { return encodedEncryptedKey; } + public byte[] getEncryptedKey() { + return encodedEncryptedKey == null ? null : JoseUtils.decode(encodedEncryptedKey); + } public String toJson() { JsonMapObjectReaderWriter jsonWriter = new JsonMapObjectReaderWriter(); Map recipientsEntry = new LinkedHashMap(); http://git-wip-us.apache.org/repos/asf/cxf/blob/5ca457f1/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java index c5aba2a..feba8bc 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java @@ -212,8 +212,13 @@ public final class JweUtils { return null; } public static JweEncryption getDirectKeyJweEncryption(JsonWebKey key) { - return new JweEncryption(new DirectKeyEncryptionAlgorithm(), + if (Algorithm.isAesCbcHmac(key.getAlgorithm())) { + return new AesCbcHmacJweEncryption(key.getAlgorithm(), JwkUtils.toSecretKey(key).getEncoded(), + null, new DirectKeyEncryptionAlgorithm()); + } else { + return new JweEncryption(new DirectKeyEncryptionAlgorithm(), getContentEncryptionAlgorithm(key, key.getAlgorithm())); + } } public static JweEncryption getDirectKeyJweEncryption(SecretKey key, String algorithm) { if (Algorithm.isAesCbcHmac(algorithm)) { @@ -225,12 +230,21 @@ public final class JweUtils { } } public static JweDecryption getDirectKeyJweDecryption(SecretKey key, String algorithm) { - return new JweDecryption(new DirectKeyDecryptionAlgorithm(key), + if (Algorithm.isAesCbcHmac(algorithm)) { + return new AesCbcHmacJweDecryption(new DirectKeyDecryptionAlgorithm(key), algorithm); + } else { + return new JweDecryption(new DirectKeyDecryptionAlgorithm(key), getContentDecryptionAlgorithm(algorithm)); + } } public static JweDecryption getDirectKeyJweDecryption(JsonWebKey key) { - return new JweDecryption(new DirectKeyDecryptionAlgorithm(JwkUtils.toSecretKey(key)), + if (Algorithm.isAesCbcHmac(key.getAlgorithm())) { + return new AesCbcHmacJweDecryption( + new DirectKeyDecryptionAlgorithm(JwkUtils.toSecretKey(key).getEncoded()), key.getAlgorithm()); + } else { + return new JweDecryption(new DirectKeyDecryptionAlgorithm(JwkUtils.toSecretKey(key)), getContentDecryptionAlgorithm(key.getAlgorithm())); + } } public static JweEncryptionProvider loadEncryptionProvider(boolean required) { return loadEncryptionProvider(null, required); http://git-wip-us.apache.org/repos/asf/cxf/blob/5ca457f1/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonConsumerTest.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonConsumerTest.java b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonConsumerTest.java new file mode 100644 index 0000000..0fcdece --- /dev/null +++ b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonConsumerTest.java @@ -0,0 +1,162 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.rs.security.jose.jwe; + +import java.security.Security; + +import javax.crypto.Cipher; +import javax.crypto.SecretKey; + +import org.apache.cxf.common.util.Base64UrlUtility; +import org.apache.cxf.common.util.crypto.CryptoUtils; +import org.apache.cxf.rs.security.jose.JoseConstants; +import org.apache.cxf.rs.security.jose.jwa.Algorithm; +import org.bouncycastle.jce.provider.BouncyCastleProvider; + +import org.junit.AfterClass; +import org.junit.Assert; +import org.junit.BeforeClass; +import org.junit.Test; + +public class JweJsonConsumerTest extends Assert { + + static final String SINGLE_RECIPIENT_ALL_HEADERS_AAD_MODIFIED_OUTPUT = + "{" + + "\"protected\":\"eyJlbmMiOiJBMTI4R0NNIn0\"," + + "\"unprotected\":{\"jku\":\"https://server.example.com/keys.jwks\"}," + + "\"recipients\":" + + "[" + + "{" + + "\"header\":{\"alg\":\"A128KW\"}," + + "\"encrypted_key\":\"b3-M9_CRgT3wEBhhXlpb-BoY7vtA4W_N\"" + + "}" + + "]," + + "\"aad\":\"" + Base64UrlUtility.encode(JweJsonProducerTest.EXTRA_AAD_SOURCE + ".") + "\"," + + "\"iv\":\"48V1_ALb6US04U3b\"," + + "\"ciphertext\":\"KTuJBMk9QG59xPB-c_YLM5-J7VG40_eMPvyHDD7eB-WHj_34YiWgpBOydTBm4RW0zUCJZ09xqorhWJME-DcQ\"," + + "\"tag\":\"oVUQGS9608D-INq61-vOaA\"" + + "}"; + + @BeforeClass + public static void registerBouncyCastleIfNeeded() throws Exception { + try { + Cipher.getInstance(Algorithm.AES_GCM_ALGO_JAVA); + Cipher.getInstance(Algorithm.AES_CBC_ALGO_JAVA); + } catch (Throwable t) { + Security.addProvider(new BouncyCastleProvider()); + } + } + @AfterClass + public static void unregisterBouncyCastleIfNeeded() throws Exception { + Security.removeProvider(BouncyCastleProvider.class.getName()); + } + + @Test + public void testSingleRecipientGcm() throws Exception { + final String text = "The true sign of intelligence is not knowledge but imagination."; + doTestSingleRecipient(text, + JweJsonProducerTest.SINGLE_RECIPIENT_OUTPUT, + JoseConstants.A128GCM_ALGO, + JweJsonProducerTest.WRAPPER_BYTES1, + null); + } + @Test + public void testSingleRecipientFlatGcm() throws Exception { + final String text = "The true sign of intelligence is not knowledge but imagination."; + doTestSingleRecipient(text, + JweJsonProducerTest.SINGLE_RECIPIENT_FLAT_OUTPUT, + JoseConstants.A128GCM_ALGO, + JweJsonProducerTest.WRAPPER_BYTES1, + null); + } + @Test + public void testSingleRecipientDirectGcm() throws Exception { + final String text = "The true sign of intelligence is not knowledge but imagination."; + doTestSingleRecipient(text, + JweJsonProducerTest.SINGLE_RECIPIENT_DIRECT_OUTPUT, + JoseConstants.A128GCM_ALGO, + null, + JweJsonProducerTest.CEK_BYTES); + } + @Test + public void testSingleRecipientDirectA128CBCHS256() throws Exception { + String text = "Live long and prosper."; + doTestSingleRecipient(text, + JweJsonProducerTest.SINGLE_RECIPIENT_A128CBCHS256_DIRECT_OUTPUT, + JoseConstants.A128CBC_HS256_ALGO, + null, + JweCompactReaderWriterTest.CONTENT_ENCRYPTION_KEY_A3); + } + @Test + public void testSingleRecipientA128CBCHS256() throws Exception { + String text = "Live long and prosper."; + doTestSingleRecipient(text, + JweJsonProducerTest.SINGLE_RECIPIENT_A128CBCHS256_OUTPUT, + JoseConstants.A128CBC_HS256_ALGO, + Base64UrlUtility.decode(JweCompactReaderWriterTest.KEY_ENCRYPTION_KEY_A3), + null); + } + @Test + public void testSingleRecipientAllTypeOfHeadersAndAad() { + final String text = "The true sign of intelligence is not knowledge but imagination."; + + SecretKey wrapperKey = CryptoUtils.createSecretKeySpec(JweJsonProducerTest.WRAPPER_BYTES1, + "AES"); + JweDecryptionProvider jwe = JweUtils.createJweDecryptionProvider(wrapperKey, JoseConstants.A128KW_ALGO, + JoseConstants.A128GCM_ALGO); + JweJsonConsumer consumer = new JweJsonConsumer(JweJsonProducerTest.SINGLE_RECIPIENT_ALL_HEADERS_AAD_OUTPUT); + JweDecryptionOutput out = consumer.decryptWith(jwe); + assertEquals(text, out.getContentText()); + assertEquals(JweJsonProducerTest.EXTRA_AAD_SOURCE, consumer.getAadText()); + } + @Test + public void testSingleRecipientAllTypeOfHeadersAndAadModified() { + SecretKey wrapperKey = CryptoUtils.createSecretKeySpec(JweJsonProducerTest.WRAPPER_BYTES1, + "AES"); + JweDecryptionProvider jwe = JweUtils.createJweDecryptionProvider(wrapperKey, JoseConstants.A128KW_ALGO, + JoseConstants.A128GCM_ALGO); + JweJsonConsumer consumer = new JweJsonConsumer(SINGLE_RECIPIENT_ALL_HEADERS_AAD_MODIFIED_OUTPUT); + try { + consumer.decryptWith(jwe); + fail("AAD check has passed unexpectedly"); + } catch (SecurityException ex) { + // expected + } + + } + private void doTestSingleRecipient(String text, + String input, + String contentEncryptionAlgo, + final byte[] wrapperKeyBytes, + final byte[] cek) throws Exception { + JweDecryptionProvider jwe = null; + if (wrapperKeyBytes != null) { + SecretKey wrapperKey = CryptoUtils.createSecretKeySpec(wrapperKeyBytes, "AES"); + jwe = JweUtils.createJweDecryptionProvider(wrapperKey, JoseConstants.A128KW_ALGO, contentEncryptionAlgo); + } else { + SecretKey cekKey = CryptoUtils.createSecretKeySpec(cek, "AES"); + jwe = JweUtils.getDirectKeyJweDecryption(cekKey, contentEncryptionAlgo); + } + JweJsonConsumer consumer = new JweJsonConsumer(input); + JweDecryptionOutput out = consumer.decryptWith(jwe); + assertEquals(text, out.getContentText()); + } + +} + http://git-wip-us.apache.org/repos/asf/cxf/blob/5ca457f1/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java index 0fdcc97..1fa0c9f 100644 --- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java +++ b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java @@ -38,10 +38,10 @@ import org.junit.BeforeClass; import org.junit.Test; public class JweJsonProducerTest extends Assert { - private static final byte[] WRAPPER_BYTES1 = {91, 96, 105, 38, 99, 108, 110, 8, -93, 50, -15, 62, 0, -115, 73, -39}; - private static final byte[] WRAPPER_BYTES2 = {-39, 96, 105, 38, 99, 108, 110, 8, -93, 50, -15, 62, 0, -115, 73, 91}; - private static final byte[] CEK_BYTES = {-43, 123, 77, 115, 40, 49, -4, -9, -48, -74, 62, 59, 60, 102, -22, -100}; - private static final String SINGLE_RECIPIENT_OUTPUT = + static final byte[] WRAPPER_BYTES1 = {91, 96, 105, 38, 99, 108, 110, 8, -93, 50, -15, 62, 0, -115, 73, -39}; + static final byte[] WRAPPER_BYTES2 = {-39, 96, 105, 38, 99, 108, 110, 8, -93, 50, -15, 62, 0, -115, 73, 91}; + static final byte[] CEK_BYTES = {-43, 123, 77, 115, 40, 49, -4, -9, -48, -74, 62, 59, 60, 102, -22, -100}; + static final String SINGLE_RECIPIENT_OUTPUT = "{" + "\"protected\":\"eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4R0NNIn0\"," + "\"recipients\":" @@ -52,7 +52,7 @@ public class JweJsonProducerTest extends Assert { + "\"ciphertext\":\"KTuJBMk9QG59xPB-c_YLM5-J7VG40_eMPvyHDD7eB-WHj_34YiWgpBOydTBm4RW0zUCJZ09xqorhWJME-DcQ\"," + "\"tag\":\"GxWlwvTPmHi4ZnQgafiHew\"" + "}"; - private static final String SINGLE_RECIPIENT_FLAT_OUTPUT = + static final String SINGLE_RECIPIENT_FLAT_OUTPUT = "{" + "\"protected\":\"eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4R0NNIn0\"," + "\"encrypted_key\":\"b3-M9_CRgT3wEBhhXlpb-BoY7vtA4W_N\"," @@ -60,7 +60,7 @@ public class JweJsonProducerTest extends Assert { + "\"ciphertext\":\"KTuJBMk9QG59xPB-c_YLM5-J7VG40_eMPvyHDD7eB-WHj_34YiWgpBOydTBm4RW0zUCJZ09xqorhWJME-DcQ\"," + "\"tag\":\"GxWlwvTPmHi4ZnQgafiHew\"" + "}"; - private static final String SINGLE_RECIPIENT_DIRECT_OUTPUT = + static final String SINGLE_RECIPIENT_DIRECT_OUTPUT = "{" + "\"protected\":\"eyJlbmMiOiJBMTI4R0NNIn0\"," + "\"recipients\":" @@ -71,14 +71,14 @@ public class JweJsonProducerTest extends Assert { + "\"ciphertext\":\"KTuJBMk9QG59xPB-c_YLM5-J7VG40_eMPvyHDD7eB-WHj_34YiWgpBOydTBm4RW0zUCJZ09xqorhWJME-DcQ\"," + "\"tag\":\"Te59ApbK8wNBDY_1_dgYSw\"" + "}"; - private static final String SINGLE_RECIPIENT_DIRECT_FLAT_OUTPUT = + static final String SINGLE_RECIPIENT_DIRECT_FLAT_OUTPUT = "{" + "\"protected\":\"eyJlbmMiOiJBMTI4R0NNIn0\"," + "\"iv\":\"48V1_ALb6US04U3b\"," + "\"ciphertext\":\"KTuJBMk9QG59xPB-c_YLM5-J7VG40_eMPvyHDD7eB-WHj_34YiWgpBOydTBm4RW0zUCJZ09xqorhWJME-DcQ\"," + "\"tag\":\"Te59ApbK8wNBDY_1_dgYSw\"" + "}"; - private static final String SINGLE_RECIPIENT_ALL_HEADERS_AAD_OUTPUT = + static final String SINGLE_RECIPIENT_ALL_HEADERS_AAD_OUTPUT = "{" + "\"protected\":\"eyJlbmMiOiJBMTI4R0NNIn0\"," + "\"unprotected\":{\"jku\":\"https://server.example.com/keys.jwks\"}," @@ -89,14 +89,12 @@ public class JweJsonProducerTest extends Assert { + "\"encrypted_key\":\"b3-M9_CRgT3wEBhhXlpb-BoY7vtA4W_N\"" + "}" + "]," - + "\"aad\":\"WyJ2Y2FyZCIsW1sidmVyc2lvbiIse30sInRleHQiLCI0LjAiXSxbImZuIix7fSwidGV4dCIsIk1lcmlhZG9jIEJyYW5keWJ1Y" - + "2siXSxbIm4iLHt9LCJ0ZXh0IixbIkJyYW5keWJ1Y2siLCJNZXJpYWRvYyIsIk1yLiIsIiJdXSxbImJkYXkiLHt9LCJ0ZXh0" - + "IiwiVEEgMjk4MiJdLFsiZ2VuZGVyIix7fSwidGV4dCIsIk0iXV1d\"," + + "\"aad\":\"" + Base64UrlUtility.encode(JweJsonProducerTest.EXTRA_AAD_SOURCE) + "\"," + "\"iv\":\"48V1_ALb6US04U3b\"," + "\"ciphertext\":\"KTuJBMk9QG59xPB-c_YLM5-J7VG40_eMPvyHDD7eB-WHj_34YiWgpBOydTBm4RW0zUCJZ09xqorhWJME-DcQ\"," + "\"tag\":\"oVUQGS9608D-INq61-vOaA\"" + "}"; - private static final String MULTIPLE_RECIPIENTS_OUTPUT = + static final String MULTIPLE_RECIPIENTS_OUTPUT = "{" + "\"protected\":\"eyJlbmMiOiJBMTI4R0NNIn0\"," + "\"unprotected\":{\"jku\":\"https://server.example.com/keys.jwks\",\"alg\":\"A128KW\"}," @@ -116,7 +114,7 @@ public class JweJsonProducerTest extends Assert { + "\"ciphertext\":\"KTuJBMk9QG59xPB-c_YLM5-J7VG40_eMPvyHDD7eB-WHj_34YiWgpBOydTBm4RW0zUCJZ09xqorhWJME-DcQ\"," + "\"tag\":\"oVUQGS9608D-INq61-vOaA\"" + "}"; - private static final String EXTRA_AAD_SOURCE = + static final String EXTRA_AAD_SOURCE = "[\"vcard\",[" + "[\"version\",{},\"text\",\"4.0\"]," + "[\"fn\",{},\"text\",\"Meriadoc Brandybuck\"]," @@ -124,7 +122,7 @@ public class JweJsonProducerTest extends Assert { + "[\"bday\",{},\"text\",\"TA 2982\"]," + "[\"gender\",{},\"text\",\"M\"]" + "]]"; - private static final String SINGLE_RECIPIENT_A128CBCHS256_OUTPUT = + static final String SINGLE_RECIPIENT_A128CBCHS256_OUTPUT = "{" + "\"protected\":\"eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0\"," + "\"recipients\":" @@ -135,7 +133,7 @@ public class JweJsonProducerTest extends Assert { + "\"ciphertext\":\"KDlTtXchhZTGufMYmOYGS4HffxPSUrfmqCHXaI9wOGY\"," + "\"tag\":\"U0m_YmjN04DJvceFICbCVQ\"" + "}"; - private static final String SINGLE_RECIPIENT_A128CBCHS256_DIRECT_OUTPUT = + static final String SINGLE_RECIPIENT_A128CBCHS256_DIRECT_OUTPUT = "{" + "\"protected\":\"eyJlbmMiOiJBMTI4Q0JDLUhTMjU2In0\"," + "\"recipients\":"