cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [1/4] cxf git commit: Adding some more JOSE tests
Date Tue, 27 Oct 2015 17:10:11 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 70aceaa6f -> 6fd3ada7a


Adding some more JOSE tests


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/a5258a4a
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/a5258a4a
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/a5258a4a

Branch: refs/heads/master
Commit: a5258a4a853ac7ba9d93e9dba37329f9ee482788
Parents: 70aceaa
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Tue Oct 27 12:54:31 2015 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Tue Oct 27 12:54:31 2015 +0000

----------------------------------------------------------------------
 .../cxf/rs/security/jose/jwe/JweUtils.java      |  1 -
 .../jaxrs/security/jwt/JweJwsAlgorithmTest.java | 55 +++++++++++++++++++-
 2 files changed, 54 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/a5258a4a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
index e23f605..0c86142 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
@@ -364,7 +364,6 @@ public final class JweUtils {
         SecretKey ctDecryptionKey = null;
         String keyEncryptionAlgo = getKeyEncryptionAlgo(m, props, null, null);
         if (inHeaders != null && inHeaders.getHeader(JoseConstants.HEADER_X509_CHAIN)
!= null) {
-            //TODO: optionally validate inHeaders.getAlgorithm against a property in props
             // Supporting loading a private key via a certificate for now
             List<X509Certificate> chain = KeyManagementUtils.toX509CertificateChain(inHeaders.getX509Chain());
             KeyManagementUtils.validateCertificateChain(props, chain);

http://git-wip-us.apache.org/repos/asf/cxf/blob/a5258a4a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JweJwsAlgorithmTest.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JweJwsAlgorithmTest.java
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JweJwsAlgorithmTest.java
index fcdaafb..b728d66 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JweJwsAlgorithmTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JweJwsAlgorithmTest.java
@@ -150,6 +150,33 @@ public class JweJwsAlgorithmTest extends AbstractBusClientServerTestBase
{
     }
     
     @org.junit.Test
+    public void testWrongKeyEncryptionAlgorithmKeyIncluded() throws Exception {
+
+        URL busFile = JweJwsAlgorithmTest.class.getResource("client.xml");
+
+        List<Object> providers = new ArrayList<Object>();
+        providers.add(new JacksonJsonProvider());
+        providers.add(new JweWriterInterceptor());
+
+        String address = "http://localhost:" + PORT + "/jweoaepgcm/bookstore/books";
+        WebClient client = 
+            WebClient.create(address, providers, busFile.toString());
+        client.type("application/json").accept("application/json");
+
+        Map<String, Object> properties = new HashMap<String, Object>();
+        properties.put("rs.security.keystore.type", "jwk");
+        properties.put("rs.security.keystore.alias", "2011-04-29");
+        properties.put("rs.security.keystore.file", "org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt");
+        properties.put("rs.security.encryption.content.algorithm", "A128GCM");
+        properties.put("rs.security.encryption.key.algorithm", "RSA1_5");
+        properties.put("rs.security.encryption.include.public.key", "true");
+        WebClient.getConfig(client).getRequestContext().putAll(properties);
+
+        Response response = client.post(new Book("book", 123L));
+        assertNotEquals(response.getStatus(), 200);
+    }
+    
+    @org.junit.Test
     public void testWrongContentEncryptionAlgorithm() throws Exception {
         if (!SecurityTestUtil.checkUnrestrictedPoliciesInstalled()) {
             return;
@@ -232,7 +259,6 @@ public class JweJwsAlgorithmTest extends AbstractBusClientServerTestBase
{
         assertNotEquals(response.getStatus(), 200);
     }
 
-    
     //
     // Signature tests
     //
@@ -321,6 +347,33 @@ public class JweJwsAlgorithmTest extends AbstractBusClientServerTestBase
{
     }
     
     @org.junit.Test
+    public void testWrongSignatureAlgorithmKeyIncluded() throws Exception {
+
+        URL busFile = JweJwsAlgorithmTest.class.getResource("client.xml");
+
+        List<Object> providers = new ArrayList<Object>();
+        providers.add(new JacksonJsonProvider());
+        providers.add(new JwsWriterInterceptor());
+
+        String address = "http://localhost:" + PORT + "/jws/bookstore/books";
+        WebClient client = 
+            WebClient.create(address, providers, busFile.toString());
+        client.type("application/json").accept("application/json");
+
+        Map<String, Object> properties = new HashMap<String, Object>();
+        properties.put("rs.security.keystore.type", "jwk");
+        properties.put("rs.security.keystore.alias", "2011-04-29");
+        properties.put("rs.security.keystore.file", 
+                       "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt");
+        properties.put("rs.security.signature.algorithm", "PS256");
+        properties.put("rs.security.signature.include.public.key", true);
+        WebClient.getConfig(client).getRequestContext().putAll(properties);
+
+        Response response = client.post(new Book("book", 123L));
+        assertNotEquals(response.getStatus(), 200);
+    }
+    
+    @org.junit.Test
     public void testBadSigningKey() throws Exception {
 
         URL busFile = JweJwsAlgorithmTest.class.getResource("client.xml");


Mime
View raw message