From serg...@apache.org
Subject cxf git commit: Prototyping the code for supporting JWS in header key ids
Date Wed, 10 Jun 2015 12:32:36 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 5e4a14b4d -> a1deab44c


Prototyping the code for supporting JWS in header key ids


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/a1deab44
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/a1deab44
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/a1deab44

Branch: refs/heads/master
Commit: a1deab44c49a8342dc346dbe06fcc9757b9fad7a
Parents: 5e4a14b
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Wed Jun 10 13:32:18 2015 +0100
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Wed Jun 10 13:32:18 2015 +0100

----------------------------------------------------------------------
 .../security/jose/jaxrs/KeyManagementUtils.java |  3 ++
 .../cxf/rs/security/jose/jwe/JweUtils.java      | 10 ++++--
 .../cxf/rs/security/jose/jwk/JsonWebKey.java    |  4 +--
 .../cxf/rs/security/jose/jwk/JsonWebKeys.java   |  2 +-
 .../cxf/rs/security/jose/jwk/JwkUtils.java      | 36 +++++++++++++++-----
 .../cxf/rs/security/jose/jws/JwsUtils.java      | 30 ++++++++++------
 .../jose/cookbook/JwkJoseCookBookTest.java      |  8 ++---
 .../rs/security/jose/jwk/JsonWebKeyTest.java    |  8 ++---
 .../jaxrs/security/jwt/JAXRSJweJwsTest.java     | 20 ++++++++++-
 9 files changed, 88 insertions(+), 33 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/a1deab44/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/KeyManagementUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/KeyManagementUtils.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/KeyManagementUtils.java
index 9a4078e..4bbc43e 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/KeyManagementUtils.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/KeyManagementUtils.java
@@ -70,6 +70,8 @@ public final class KeyManagementUtils {
     public static final String RSSEC_DECRYPT_KEY_PSWD_PROVIDER = "rs.security.decryption.key.password.provider";
     public static final String RSSEC_DEFAULT_ALGORITHMS = "rs.security.default.algorithms";
     public static final String RSSEC_REPORT_KEY_PROP = "rs.security.report.public.key";
+    public static final String RSSEC_REPORT_KEY_ID_PROP = "rs.security.report.public.key.id";
+    public static final String RSSEC_ACCEPT_PUBLIC_KEY_PROP = "rs.security.accept.public.key.properties";
     private static final Logger LOG = LogUtils.getL7dLogger(KeyManagementUtils.class);
     
     private KeyManagementUtils() {
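Review bot: `RSSEC_ACCEPT_PUBLIC_KEY_PROP` is given the value `rs.security.accept.public.key.properties`, which reads like one of the properties-file location settings (compare `rs.security.signature.in.properties`), yet elsewhere in this commit it is read with `getContextualBoolean`. Because this switch controls whether sender-supplied key material is trusted, a misleading name makes misconfiguration more likely. I would drop the `.properties` suffix (for instance `rs.security.accept.public.key`) and add a comment on the constant stating what it enables and what its default is.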
@@ -272,6 +274,7 @@ public final class KeyManagementUtils {
             return null;
         }
     }
+    //TODO: enhance the certificate validation code
     public static void validateCertificateChain(Properties storeProperties, List<X509Certificate>
inCerts) {
         KeyStore ks = loadPersistKeyStore(JAXRSUtils.getCurrentMessage(), storeProperties);
         validateCertificateChain(ks, inCerts);

http://git-wip-us.apache.org/repos/asf/cxf/blob/a1deab44/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
index fd837d8..1c2c9d6 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
@@ -59,6 +59,7 @@ public final class JweUtils {
     private static final String RSSEC_ENCRYPTION_IN_PROPS = "rs.security.encryption.in.properties";
     private static final String RSSEC_ENCRYPTION_PROPS = "rs.security.encryption.properties";
     private static final String RSSEC_ENCRYPTION_REPORT_KEY_PROP = "rs.security.jwe.report.public.key";
+    private static final String RSSEC_ENCRYPTION_REPORT_KEY_ID_PROP = "rs.security.jwe.report.public.key.id";
     
     private JweUtils() {
         
@@ -265,6 +266,10 @@ public final class JweUtils {
             headers != null && MessageUtils.isTrue(
                 MessageUtils.getContextualProperty(m, RSSEC_ENCRYPTION_REPORT_KEY_PROP, 
                                                    KeyManagementUtils.RSSEC_REPORT_KEY_PROP));
+        boolean reportPublicKeyId = 
+            headers != null && MessageUtils.isTrue(
+                MessageUtils.getContextualProperty(m, RSSEC_ENCRYPTION_REPORT_KEY_ID_PROP,

+                                                   KeyManagementUtils.RSSEC_REPORT_KEY_ID_PROP));
         
         KeyEncryptionProvider keyEncryptionProvider = null;
         String keyEncryptionAlgo = getKeyEncryptionAlgo(m, props, null, null);
@@ -279,8 +284,9 @@ public final class JweUtils {
                 ctEncryptionProvider = getContentEncryptionAlgorithm(jwk, contentEncryptionAlgo);
             } else {
                 keyEncryptionProvider = getKeyEncryptionProvider(jwk, keyEncryptionAlgo);
-                if (reportPublicKey) {
-                    JwkUtils.setPublicKeyInfo(jwk, headers, keyEncryptionAlgo);
+                if (reportPublicKey || reportPublicKeyId) {
+                    JwkUtils.setPublicKeyInfo(jwk, headers, keyEncryptionAlgo, 
+                                              reportPublicKey, reportPublicKeyId);
                 }
             }
         } else {

http://git-wip-us.apache.org/repos/asf/cxf/blob/a1deab44/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKey.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKey.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKey.java
index e723ef3..4252add 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKey.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKey.java
@@ -108,11 +108,11 @@ public class JsonWebKey extends JsonMapObject {
         return (String)getProperty(KEY_ALGO);
     }
     
-    public void setKid(String kid) {
+    public void setKeyId(String kid) {
         setProperty(KEY_ID, kid);
     }
 
-    public String getKid() {
+    public String getKeyId() {
         return (String)getProperty(KEY_ID);
     }
     

http://git-wip-us.apache.org/repos/asf/cxf/blob/a1deab44/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeys.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeys.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeys.java
index 29ea88a..e7410ae 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeys.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeys.java
@@ -60,7 +60,7 @@ public class JsonWebKeys extends JsonMapObject {
         }
         Map<String, JsonWebKey> map = new LinkedHashMap<String, JsonWebKey>();
         for (JsonWebKey key : keys) {
-            String kid = key.getKid();
+            String kid = key.getKeyId();
             if (kid != null) {
                 map.put(kid, key);
             }

http://git-wip-us.apache.org/repos/asf/cxf/blob/a1deab44/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
index 9dcd0fe..3544779 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
@@ -42,6 +42,7 @@ import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.helpers.IOUtils;
 import org.apache.cxf.jaxrs.utils.ResourceUtils;
 import org.apache.cxf.message.Message;
+import org.apache.cxf.message.MessageUtils;
 import org.apache.cxf.rs.security.jose.JoseConstants;
 import org.apache.cxf.rs.security.jose.JoseHeaders;
 import org.apache.cxf.rs.security.jose.JoseUtils;
@@ -262,14 +263,22 @@ public final class JwkUtils {
         }
     }
     public static JsonWebKey loadJsonWebKey(Message m, Properties props, String keyOper)
{
-        return loadJsonWebKey(m, props, keyOper, new DefaultJwkReaderWriter());
+        return loadJsonWebKey(m, props, keyOper, null);
     }
-
-    public static JsonWebKey loadJsonWebKey(Message m, Properties props, String keyOper,
JwkReaderWriter reader) {
+    public static JsonWebKey loadJsonWebKey(Message m, Properties props, String keyOper,
String inHeaderKid) {
+        return loadJsonWebKey(m, props, keyOper, inHeaderKid, new DefaultJwkReaderWriter());
+    }
+    public static JsonWebKey loadJsonWebKey(Message m, Properties props, String keyOper,
String inHeaderKid, 
+                                            JwkReaderWriter reader) {
         PrivateKeyPasswordProvider cb = KeyManagementUtils.loadPasswordProvider(m, props,
keyOper);
         JsonWebKeys jwkSet = loadJwkSet(m, props, cb, reader);
-        String kid = 
-            KeyManagementUtils.getKeyId(m, props, KeyManagementUtils.RSSEC_KEY_STORE_ALIAS,
keyOper);
+        String kid = null;
+        if (inHeaderKid != null 
+            && MessageUtils.getContextualBoolean(m, KeyManagementUtils.RSSEC_ACCEPT_PUBLIC_KEY_PROP,
true)) {
+            kid = inHeaderKid;
+        } else {
+            kid = KeyManagementUtils.getKeyId(m, props, KeyManagementUtils.RSSEC_KEY_STORE_ALIAS,
keyOper);
+        }
         if (kid != null) {
             return jwkSet.getKey(kid);
         } else if (keyOper != null) {
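Review bot: `inHeaderKid` is taken from the incoming JOSE header, and because the flag defaults to `true` it replaces the configured alias, so the sender decides which entry of the local key set `jwkSet.getKey(kid)` returns. Nothing visible in this hunk checks that the selected key is intended for `keyOper`, and an unknown `kid` appears to produce `null` rather than falling back to the configured key. I would compare the selected key's declared use or operations with `keyOper` before returning it, and state the fallback behaviour in a Javadoc comment. The flag is also named for accepting public keys while here it gates `kid`-based selection, so a separate flag or at least a comment would help. The method body continues past the end of this hunk.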
@@ -460,15 +469,24 @@ public final class JwkUtils {
     private static JweHeaders toJweHeaders(String ct) {
         return new JweHeaders(Collections.<String, Object>singletonMap(JoseConstants.HEADER_CONTENT_TYPE,
ct));
     }
-    public static void setPublicKeyInfo(JsonWebKey jwk, JoseHeaders headers, String algo)
{
-        if (JsonWebKey.KEY_TYPE_RSA.equals(jwk.getKeyType())) {
+    public static void setPublicKeyInfo(JsonWebKey jwk, JoseHeaders headers, String algo,
+                                        boolean reportPublicKey, boolean reportPublicKeyId)
{
+        if (reportPublicKey && JsonWebKey.KEY_TYPE_RSA.equals(jwk.getKeyType()))
{
             List<String> chain = CastUtils.cast((List<?>)jwk.getProperty("x5c"));
+            //TODO: if needed the chain can be reported as part of a 'jwk' property
             if (chain != null) {
                 headers.setX509Chain(chain);
             } else {
-                headers.setJsonWebKey(
-                    JwkUtils.fromRSAPublicKey(JwkUtils.toRSAPublicKey(jwk), algo));
+                JsonWebKey jwkPublic = JwkUtils.fromRSAPublicKey(JwkUtils.toRSAPublicKey(jwk),
algo);
+                if (reportPublicKeyId && jwk.getKeyId() != null) {
+                    jwkPublic.setKeyId(jwk.getKeyId());
+                }
+                headers.setJsonWebKey(jwkPublic);
             }
         }
+        if (reportPublicKeyId && jwk.getKeyId() != null) {
+            headers.setKeyId(jwk.getKeyId());
+        }
+        
     }
 }
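Review bot: The public `setPublicKeyInfo` now takes two adjacent `boolean` flags and has no Javadoc, so a call site that swaps them compiles cleanly and silently changes which key material is written into the outgoing headers. I would add a Javadoc block that describes `reportPublicKey` and `reportPublicKeyId`. It should also say that a non-RSA key reports no public key even when `reportPublicKey` is set, and that when an `x5c` chain is present the key id is set only at header level. Since the three-argument overload is removed rather than kept, existing callers outside this commit would break; keeping it as a deprecated delegate may be worth considering.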

http://git-wip-us.apache.org/repos/asf/cxf/blob/a1deab44/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
index b2c634a..38db1b5 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
@@ -54,7 +54,8 @@ public final class JwsUtils {
     private static final String RSSEC_SIGNATURE_OUT_PROPS = "rs.security.signature.out.properties";
     private static final String RSSEC_SIGNATURE_IN_PROPS = "rs.security.signature.in.properties";
     private static final String RSSEC_SIGNATURE_PROPS = "rs.security.signature.properties";
-    private static final String JSON_WEB_SIGNATURE_REPORT_KEY_PROP = "rs.security.jws.report.public.key";
+    private static final String RSSEC_REPORT_KEY_PROP = "rs.security.jws.report.public.key";
+    private static final String RSSEC_REPORT_KEY_ID_PROP = "rs.security.jws.report.public.key.id";
     private JwsUtils() {
         
     }
@@ -256,18 +257,22 @@ public final class JwsUtils {
                                                               Properties props,
                                                               JoseHeaders headers,
                                                               boolean ignoreNullProvider)
{
-        JwsSignatureProvider theSigProvider = null; 
-        boolean reportPublicKey = 
+        JwsSignatureProvider theSigProvider = null;
+        
+        boolean reportPublicKey = headers != null && MessageUtils.isTrue(
+                MessageUtils.getContextualProperty(m, RSSEC_REPORT_KEY_PROP, 
+                                                   KeyManagementUtils.RSSEC_REPORT_KEY_PROP));
+        boolean reportPublicKeyId = 
             headers != null && MessageUtils.isTrue(
-                MessageUtils.getContextualProperty(m, JSON_WEB_SIGNATURE_REPORT_KEY_PROP,
-                                                   KeyManagementUtils.RSSEC_REPORT_KEY_PROP));

+                MessageUtils.getContextualProperty(m, RSSEC_REPORT_KEY_ID_PROP,
+                                                   KeyManagementUtils.RSSEC_REPORT_KEY_ID_PROP));
         if (JwkUtils.JWK_KEY_STORE_TYPE.equals(props.get(KeyManagementUtils.RSSEC_KEY_STORE_TYPE)))
{
             JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, JsonWebKey.KEY_OPER_SIGN);
             if (jwk != null) {
                 String signatureAlgo = getSignatureAlgo(m, props, jwk.getAlgorithm(), getDefaultKeyAlgo(jwk));
                 theSigProvider = JwsUtils.getSignatureProvider(jwk, signatureAlgo);
-                if (reportPublicKey) {
-                    JwkUtils.setPublicKeyInfo(jwk, headers, signatureAlgo);
+                if (reportPublicKey || reportPublicKeyId) {
+                    JwkUtils.setPublicKeyInfo(jwk, headers, signatureAlgo, reportPublicKey,
reportPublicKeyId);
                 }
             }
         } else {
@@ -289,11 +294,16 @@ public final class JwsUtils {
                                                               JoseHeaders inHeaders, 
                                                               boolean ignoreNullVerifier)
{
         JwsSignatureVerifier theVerifier = null;
+        String inHeaderKid = null;
         if (inHeaders != null) {
-            //TODO: validate incoming public keys or certificates  
+            inHeaderKid = inHeaders.getKeyId();
             //TODO: optionally validate inHeaders.getAlgorithm against a property in props
             if (inHeaders.getHeader(JoseConstants.HEADER_JSON_WEB_KEY) != null) {
                 JsonWebKey publicJwk = inHeaders.getJsonWebKey();
+                if (inHeaderKid != null && !inHeaderKid.equals(publicJwk.getKeyId())
+                    || !MessageUtils.getContextualBoolean(m, KeyManagementUtils.RSSEC_ACCEPT_PUBLIC_KEY_PROP,
true)) {
+                    throw new JwsException(JwsException.Error.INVALID_KEY);
+                }
                 return getSignatureVerifier(publicJwk, inHeaders.getAlgorithm());
             } else if (inHeaders.getHeader(JoseConstants.HEADER_X509_CHAIN) != null) {
                 List<X509Certificate> chain = KeyManagementUtils.toX509CertificateChain(inHeaders.getX509Chain());
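Review bot: With `RSSEC_ACCEPT_PUBLIC_KEY_PROP` defaulting to `true`, an inline `jwk` header is passed straight to `getSignatureVerifier`, so the signature is checked against a key that arrived in the same message it is supposed to protect. The only new check is that the header `kid` equals the inline key's own `kid`, and both values come from the sender; the removed TODO about validating incoming public keys is therefore still open. I would make the default `false`, as in `MessageUtils.getContextualBoolean(m, KeyManagementUtils.RSSEC_ACCEPT_PUBLIC_KEY_PROP, false)`, and when the flag is enabled require the inline key to match a key already present in the configured verification key set. The mixed `&&`/`||` condition would also be easier to audit with explicit parentheses around the `kid` comparison. The method body starts before and continues after this hunk.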
@@ -303,10 +313,10 @@ public final class JwsUtils {
         }
         
         if (JwkUtils.JWK_KEY_STORE_TYPE.equals(props.get(KeyManagementUtils.RSSEC_KEY_STORE_TYPE)))
{
-            JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, JsonWebKey.KEY_OPER_VERIFY);
+            JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, JsonWebKey.KEY_OPER_VERIFY,
inHeaderKid);
             if (jwk != null) {
                 String signatureAlgo = getSignatureAlgo(m, props, jwk.getAlgorithm(), getDefaultKeyAlgo(jwk));
-                theVerifier = JwsUtils.getSignatureVerifier(jwk, signatureAlgo);
+                theVerifier = getSignatureVerifier(jwk, signatureAlgo);
             }
             
         } else {

http://git-wip-us.apache.org/repos/asf/cxf/blob/a1deab44/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/cookbook/JwkJoseCookBookTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/cookbook/JwkJoseCookBookTest.java
b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/cookbook/JwkJoseCookBookTest.java
index 68775fc..223e68c 100644
--- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/cookbook/JwkJoseCookBookTest.java
+++ b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/cookbook/JwkJoseCookBookTest.java
@@ -137,20 +137,20 @@ public class JwkJoseCookBookTest extends Assert {
     }
     private void validateSecretSignKey(JsonWebKey key) {
         assertEquals(SIGN_SECRET_VALUE, key.getProperty(JsonWebKey.OCTET_KEY_VALUE));
-        assertEquals(SIGN_KID_VALUE, key.getKid());
+        assertEquals(SIGN_KID_VALUE, key.getKeyId());
         assertEquals(JsonWebKey.KEY_TYPE_OCTET, key.getKeyType());
         assertEquals(AlgorithmUtils.HMAC_SHA_256_ALGO, key.getAlgorithm());
     }
     private void validateSecretEncKey(JsonWebKey key) {
         assertEquals(ENCRYPTION_SECRET_VALUE, key.getProperty(JsonWebKey.OCTET_KEY_VALUE));
-        assertEquals(ENCRYPTION_KID_VALUE, key.getKid());
+        assertEquals(ENCRYPTION_KID_VALUE, key.getKeyId());
         assertEquals(JsonWebKey.KEY_TYPE_OCTET, key.getKeyType());
         assertEquals(AlgorithmUtils.A256GCM_ALGO, key.getAlgorithm());
     }
     private void validatePublicRsaKey(JsonWebKey key) {
         assertEquals(RSA_MODULUS_VALUE, key.getProperty(JsonWebKey.RSA_MODULUS));
         assertEquals(RSA_PUBLIC_EXP_VALUE, key.getProperty(JsonWebKey.RSA_PUBLIC_EXP));
-        assertEquals(RSA_KID_VALUE, key.getKid());
+        assertEquals(RSA_KID_VALUE, key.getKeyId());
         assertEquals(JsonWebKey.KEY_TYPE_RSA, key.getKeyType());
     }
     private void validatePrivateRsaKey(JsonWebKey key) {
@@ -165,7 +165,7 @@ public class JwkJoseCookBookTest extends Assert {
     private void validatePublicEcKey(JsonWebKey key) {
         assertEquals(EC_X_COORDINATE_VALUE, key.getProperty(JsonWebKey.EC_X_COORDINATE));
         assertEquals(EC_Y_COORDINATE_VALUE, key.getProperty(JsonWebKey.EC_Y_COORDINATE));
-        assertEquals(EC_KID_VALUE, key.getKid());
+        assertEquals(EC_KID_VALUE, key.getKeyId());
         assertEquals(JsonWebKey.KEY_TYPE_ELLIPTIC, key.getKeyType());
         assertEquals(EC_CURVE_VALUE, key.getProperty(JsonWebKey.EC_CURVE));
         assertEquals(JsonWebKey.PUBLIC_KEY_USE_SIGN, key.getPublicKeyUse());

http://git-wip-us.apache.org/repos/asf/cxf/blob/a1deab44/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeyTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeyTest.java
b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeyTest.java
index 6c0f243..f33ecbb 100644
--- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeyTest.java
+++ b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeyTest.java
@@ -182,13 +182,13 @@ public class JsonWebKeyTest extends Assert {
     
     private void validateSecretAesKey(JsonWebKey key) {
         assertEquals(AES_SECRET_VALUE, key.getProperty(JsonWebKey.OCTET_KEY_VALUE));
-        assertEquals(AES_KID_VALUE, key.getKid());
+        assertEquals(AES_KID_VALUE, key.getKeyId());
         assertEquals(JsonWebKey.KEY_TYPE_OCTET, key.getKeyType());
         assertEquals(AlgorithmUtils.A128KW_ALGO, key.getAlgorithm());
     }
     private void validateSecretHmacKey(JsonWebKey key) {
         assertEquals(HMAC_SECRET_VALUE, key.getProperty(JsonWebKey.OCTET_KEY_VALUE));
-        assertEquals(HMAC_KID_VALUE, key.getKid());
+        assertEquals(HMAC_KID_VALUE, key.getKeyId());
         assertEquals(JsonWebKey.KEY_TYPE_OCTET, key.getKeyType());
         assertEquals(AlgorithmUtils.HMAC_SHA_256_ALGO, key.getAlgorithm());
     }
@@ -196,7 +196,7 @@ public class JsonWebKeyTest extends Assert {
     private void validatePublicRsaKey(JsonWebKey key) {
         assertEquals(RSA_MODULUS_VALUE, key.getProperty(JsonWebKey.RSA_MODULUS));
         assertEquals(RSA_PUBLIC_EXP_VALUE, key.getProperty(JsonWebKey.RSA_PUBLIC_EXP));
-        assertEquals(RSA_KID_VALUE, key.getKid());
+        assertEquals(RSA_KID_VALUE, key.getKeyId());
         assertEquals(JsonWebKey.KEY_TYPE_RSA, key.getKeyType());
         assertEquals(AlgorithmUtils.RS_SHA_256_ALGO, key.getAlgorithm());
     }
@@ -212,7 +212,7 @@ public class JsonWebKeyTest extends Assert {
     private void validatePublicEcKey(JsonWebKey key) {
         assertEquals(EC_X_COORDINATE_VALUE, key.getProperty(JsonWebKey.EC_X_COORDINATE));
         assertEquals(EC_Y_COORDINATE_VALUE, key.getProperty(JsonWebKey.EC_Y_COORDINATE));
-        assertEquals(EC_KID_VALUE, key.getKid());
+        assertEquals(EC_KID_VALUE, key.getKeyId());
         assertEquals(JsonWebKey.KEY_TYPE_ELLIPTIC, key.getKeyType());
         assertEquals(EC_CURVE_VALUE, key.getProperty(JsonWebKey.EC_CURVE));
         assertEquals(JsonWebKey.PUBLIC_KEY_USE_ENCRYPT, key.getPublicKeyUse());

http://git-wip-us.apache.org/repos/asf/cxf/blob/a1deab44/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
index 642abc6..61d67df 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
@@ -308,7 +308,19 @@ public class JAXRSJweJwsTest extends AbstractBusClientServerTestBase
{
     }
     @Test
     public void testJwsJwkRSA() throws Exception {
-        String address = "https://localhost:" + PORT + "/jwsjwkrsa";
+        doTestJwsJwkRSA("https://localhost:" + PORT + "/jwsjwkrsa", false, false);
+    }
+    @Test
+    public void testJwsJwkInHeadersRSA() throws Exception {
+        doTestJwsJwkRSA("https://localhost:" + PORT + "/jwsjwkrsa", true, true);
+    }
+    @Test
+    public void testJwsJwkKidOnlyInHeadersRSA() throws Exception {
+        doTestJwsJwkRSA("https://localhost:" + PORT + "/jwsjwkrsa", false, true);
+    }
+    private void doTestJwsJwkRSA(String address, 
+                                 boolean reportPublicKey,
+                                 boolean reportPublicKeyId) throws Exception {
         JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
         SpringBusFactory bf = new SpringBusFactory();
         URL busFile = JAXRSJweJwsTest.class.getResource("client.xml");
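Review bot: The added tests exercise only the accepting paths, so nothing pins down when verification must fail. I would add negative cases that expect rejection when the header `kid` differs from the inline key's `kid`, when the inline `jwk` is a key the server has not been configured to trust, and when `rs.security.accept.public.key.properties` is set to `false`. Without those, `testJwsJwkInHeadersRSA` in effect records that a sender-supplied key is accepted by default. `doTestJwsJwkRSA` continues outside this hunk.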
@@ -326,6 +338,12 @@ public class JAXRSJweJwsTest extends AbstractBusClientServerTestBase
{
             "org/apache/cxf/systest/jaxrs/security/alice.jwk.properties");
         bean.getProperties(true).put("rs.security.signature.in.properties",
             "org/apache/cxf/systest/jaxrs/security/bob.jwk.properties");
+        if (reportPublicKey) {
+            bean.getProperties(true).put("rs.security.report.public.key", true);
+        }
+        if (reportPublicKeyId) {
+            bean.getProperties(true).put("rs.security.report.public.key.id", true);
+        }
         BookStore bs = bean.create(BookStore.class);
         String text = bs.echoText("book");
         assertEquals("book", text);

