cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [1/5] cxf git commit: Adding some more JOSE tests
Date Tue, 27 Oct 2015 17:11:36 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes e85491716 -> 6424b876c


Adding some more JOSE tests


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/3a726365
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/3a726365
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/3a726365

Branch: refs/heads/3.0.x-fixes
Commit: 3a72636542ec1cc92c4d5884f34a15b51f9f9f7e
Parents: e854917
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Tue Oct 27 12:54:31 2015 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Tue Oct 27 17:11:11 2015 +0000

----------------------------------------------------------------------
 .../cxf/rs/security/jose/jwe/JweUtils.java      |  1 -
 .../jaxrs/security/jwt/JweJwsAlgorithmTest.java | 55 +++++++++++++++++++-
 2 files changed, 54 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/3a726365/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
index e23f605..0c86142 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
@@ -364,7 +364,6 @@ public final class JweUtils {
         SecretKey ctDecryptionKey = null;
         String keyEncryptionAlgo = getKeyEncryptionAlgo(m, props, null, null);
         if (inHeaders != null && inHeaders.getHeader(JoseConstants.HEADER_X509_CHAIN)
!= null) {
-            //TODO: optionally validate inHeaders.getAlgorithm against a property in props
             // Supporting loading a private key via a certificate for now
             List<X509Certificate> chain = KeyManagementUtils.toX509CertificateChain(inHeaders.getX509Chain());
             KeyManagementUtils.validateCertificateChain(props, chain);

http://git-wip-us.apache.org/repos/asf/cxf/blob/3a726365/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JweJwsAlgorithmTest.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JweJwsAlgorithmTest.java
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JweJwsAlgorithmTest.java
index 4bbc765..cb1f3b2 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JweJwsAlgorithmTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JweJwsAlgorithmTest.java
@@ -168,6 +168,33 @@ public class JweJwsAlgorithmTest extends AbstractBusClientServerTestBase
{
     }
     
     @org.junit.Test
+    public void testWrongKeyEncryptionAlgorithmKeyIncluded() throws Exception {
+
+        URL busFile = JweJwsAlgorithmTest.class.getResource("client.xml");
+
+        List<Object> providers = new ArrayList<Object>();
+        providers.add(new JacksonJsonProvider());
+        providers.add(new JweWriterInterceptor());
+
+        String address = "http://localhost:" + PORT + "/jweoaepgcm/bookstore/books";
+        WebClient client = 
+            WebClient.create(address, providers, busFile.toString());
+        client.type("application/json").accept("application/json");
+
+        Map<String, Object> properties = new HashMap<String, Object>();
+        properties.put("rs.security.keystore.type", "jwk");
+        properties.put("rs.security.keystore.alias", "2011-04-29");
+        properties.put("rs.security.keystore.file", "org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt");
+        properties.put("rs.security.encryption.content.algorithm", "A128GCM");
+        properties.put("rs.security.encryption.key.algorithm", "RSA1_5");
+        properties.put("rs.security.encryption.include.public.key", "true");
+        WebClient.getConfig(client).getRequestContext().putAll(properties);
+
+        Response response = client.post(new Book("book", 123L));
+        assertNotEquals(response.getStatus(), 200);
+    }
+    
+    @org.junit.Test
     public void testWrongContentEncryptionAlgorithm() throws Exception {
         
         if (SKIP_AES_GCM_TESTS || !SecurityTestUtil.checkUnrestrictedPoliciesInstalled())
{
@@ -260,7 +287,6 @@ public class JweJwsAlgorithmTest extends AbstractBusClientServerTestBase
{
         assertNotEquals(response.getStatus(), 200);
     }
 
-    
     //
     // Signature tests
     //
@@ -349,6 +375,33 @@ public class JweJwsAlgorithmTest extends AbstractBusClientServerTestBase
{
     }
     
     @org.junit.Test
+    public void testWrongSignatureAlgorithmKeyIncluded() throws Exception {
+
+        URL busFile = JweJwsAlgorithmTest.class.getResource("client.xml");
+
+        List<Object> providers = new ArrayList<Object>();
+        providers.add(new JacksonJsonProvider());
+        providers.add(new JwsWriterInterceptor());
+
+        String address = "http://localhost:" + PORT + "/jws/bookstore/books";
+        WebClient client = 
+            WebClient.create(address, providers, busFile.toString());
+        client.type("application/json").accept("application/json");
+
+        Map<String, Object> properties = new HashMap<String, Object>();
+        properties.put("rs.security.keystore.type", "jwk");
+        properties.put("rs.security.keystore.alias", "2011-04-29");
+        properties.put("rs.security.keystore.file", 
+                       "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt");
+        properties.put("rs.security.signature.algorithm", "PS256");
+        properties.put("rs.security.signature.include.public.key", true);
+        WebClient.getConfig(client).getRequestContext().putAll(properties);
+
+        Response response = client.post(new Book("book", 123L));
+        assertNotEquals(response.getStatus(), 200);
+    }
+    
+    @org.junit.Test
     public void testBadSigningKey() throws Exception {
 
         URL busFile = JweJwsAlgorithmTest.class.getResource("client.xml");


Mime
View raw message