Return-Path: X-Original-To: apmail-cxf-commits-archive@www.apache.org Delivered-To: apmail-cxf-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 2196718063 for ; Tue, 13 Oct 2015 10:34:56 +0000 (UTC) Received: (qmail 59666 invoked by uid 500); 13 Oct 2015 10:34:56 -0000 Delivered-To: apmail-cxf-commits-archive@cxf.apache.org Received: (qmail 59608 invoked by uid 500); 13 Oct 2015 10:34:55 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 59599 invoked by uid 99); 13 Oct 2015 10:34:55 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 13 Oct 2015 10:34:55 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id DEBFEE0AA1; Tue, 13 Oct 2015 10:34:54 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: coheigea@apache.org To: commits@cxf.apache.org Date: Tue, 13 Oct 2015 10:34:54 -0000 Message-Id: X-Mailer: ASF-Git Admin Mailer Subject: [01/22] cxf git commit: Splitting current jose module into jose-core + jose-jaxrs Repository: cxf Updated Branches: refs/heads/master 88fb9ee70 -> 52c3b6a90 http://git-wip-us.apache.org/repos/asf/cxf/blob/66a81773/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeyTest.java ----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeyTest.java b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeyTest.java
deleted file mode 100644
index 6a60fc9..0000000
--- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeyTest.java
+++ /dev/null
@@ -1,231 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.apache.cxf.rs.security.jose.jwk; - -import java.io.InputStream; -import java.security.Security; -import java.security.cert.X509Certificate; -import java.util.List; -import java.util.Map; - -import org.apache.cxf.helpers.IOUtils; -import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; -import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm; -import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm; -import org.apache.cxf.rs.security.jose.jwe.JweCompactConsumer; -import org.bouncycastle.jce.provider.BouncyCastleProvider; - -import org.junit.Assert; -import org.junit.Test; - -public class JsonWebKeyTest extends Assert { - private static final String RSA_MODULUS_VALUE = "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAt" - + "VT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMstn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf" - + "0h4QyQ5v-65YGjQR0_FDW2QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbISD08qNLyrdkt" - + "-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw"; - private static final String RSA_PUBLIC_EXP_VALUE = "AQAB"; - private static final String 
RSA_PRIVATE_EXP_VALUE = "X4cTteJY_gn4FYPsXB8rdXix5vwsg1FLN5E3EaG6RJoVH-HLLKD9M7d" - + "x5oo7GURknchnrRweUkC7hT5fJLM0WbFAKNLWY2vv7B6NqXSzUvxT0_YSfqijwp3RTzlBaCxWp4doFk5N2o8Gy_nHNKroADIkJ4" - + "6pRUohsXywbReAdYaMwFs9tv8d_cPVY3i07a3t8MN6TNwm0dSawm9v47UiCl3Sk5ZiG7xojPLu4sbg1U2jx4IBTNBznbJSzFHK66" - + "jT8bgkuqsk0GjskDJk19Z4qwjwbsnn4j2WBii3RL-Us2lGVkY8fkFzme1z0HbIkfz0Y6mqnOYtqc0X4jfcKoAC8Q"; - private static final String RSA_FIRST_PRIME_FACTOR_VALUE = "83i-7IvMGXoMXCskv73TKr8637FiO7Z27zv8oj6pbWUQyLPQ" - + "BQxtPVnwD20R-60eTDmD2ujnMt5PoqMrm8RfmNhVWDtjjMmCMjOpSXicFHj7XOuVIYQyqVWlWEh6dN36GVZYk93N8Bc9vY41xy8B9" - + "RzzOGVQzXvNEvn7O0nVbfs"; - private static final String RSA_SECOND_PRIME_FACTOR_VALUE = "3dfOR9cuYq-0S-mkFLzgItgMEfFzB2q3hWehMuG0oCuqnb3" - + "vobLyumqjVZQO1dIrdwgTnCdpYzBcOfW5r370AFXjiWft_NGEiovonizhKpo9VVS78TzFgxkIdrecRezsZ-1kYd_s1qDbxtkDEgfA" - + "ITAG9LUnADun4vIcb6yelxk"; - private static final String RSA_FIRST_PRIME_CRT_VALUE = "G4sPXkc6Ya9y8oJW9_ILj4xuppu0lzi_H7VTkS8xj5SdX3coE0o" - + "imYwxIi2emTAue0UOa5dpgFGyBJ4c8tQ2VF402XRugKDTP8akYhFo5tAA77Qe_NmtuYZc3C3m3I24G2GvR5sSDxUyAN2zq8Lfn9EUm" - + "s6rY3Ob8YeiKkTiBj0"; - private static final String RSA_SECOND_PRIME_CRT_VALUE = "s9lAH9fggBsoFR8Oac2R_E2gw282rT2kGOAhvIllETE1efrA6hu" - + "UUvMfBcMpn8lqeW6vzznYY5SSQF7pMdC_agI3nG8Ibp1BUb0JUiraRNqUfLhcQb_d9GF4Dh7e74WbRsobRonujTYN1xCaP6TO61jvW" - + "rX-L18txXw494Q_cgk"; - private static final String RSA_FIRST_CRT_COEFFICIENT_VALUE = "GyM_p6JrXySiz1toFgKbWV-JdI3jQ4ypu9rbMWx3rQJBfm" - + "t0FoYzgUIZEVFEcOqwemRN81zoDAaa-Bk0KWNGDjJHZDdDmFhW3AN7lI-puxk_mHZGJ11rxyR8O55XLSe3SPmRfKwZI6yU24ZxvQKF" - + "YItdldUKGzO6Ia6zTKhAVRU"; - private static final String RSA_KID_VALUE = "2011-04-29"; - private static final String EC_CURVE_VALUE = JsonWebKey.EC_CURVE_P256; - private static final String EC_X_COORDINATE_VALUE = "MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4"; - private static final String EC_Y_COORDINATE_VALUE = "4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM"; - private static final 
String EC_PRIVATE_KEY_VALUE = "870MB6gfuTJ4HtUnUvYMyJpr5eUZNP4Bk43bVdj3eAE"; - private static final String EC_KID_VALUE = "1"; - private static final String AES_SECRET_VALUE = "GawgguFyGrWKav7AX4VKUg"; - private static final String AES_KID_VALUE = "AesWrapKey"; - private static final String HMAC_SECRET_VALUE = "AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3" - + "Yj0iPS4hcgUuTwjAzZr1Z9CAow"; - private static final String HMAC_KID_VALUE = "HMACKey"; - - @Test - public void testPublicSetAsList() throws Exception { - JsonWebKeys jwks = readKeySet("jwkPublicSet.txt"); - List keys = jwks.getKeys(); - assertEquals(3, keys.size()); - - JsonWebKey ecKey = keys.get(0); - assertEquals(6, ecKey.asMap().size()); - validatePublicEcKey(ecKey); - JsonWebKey rsaKey = keys.get(1); - assertEquals(5, rsaKey.asMap().size()); - validatePublicRsaKey(rsaKey); - JsonWebKey rsaKeyCert = keys.get(2); - assertEquals(3, rsaKeyCert.asMap().size()); - assertEquals(3, rsaKeyCert.getX509Chain().size()); - List certs = JwkUtils.toX509CertificateChain(rsaKeyCert); - assertEquals(3, certs.size()); - } - - @Test - public void testPublicSetAsMap() throws Exception { - JsonWebKeys jwks = readKeySet("jwkPublicSet.txt"); - Map keysMap = jwks.getKeyIdMap(); - assertEquals(3, keysMap.size()); - - JsonWebKey rsaKey = keysMap.get(RSA_KID_VALUE); - assertEquals(5, rsaKey.asMap().size()); - validatePublicRsaKey(rsaKey); - JsonWebKey ecKey = keysMap.get(EC_KID_VALUE); - assertEquals(6, ecKey.asMap().size()); - validatePublicEcKey(ecKey); - } - - @Test - public void testPrivateSetAsList() throws Exception { - JsonWebKeys jwks = readKeySet("jwkPrivateSet.txt"); - validatePrivateSet(jwks); - } - private void validatePrivateSet(JsonWebKeys jwks) throws Exception { - List keys = jwks.getKeys(); - assertEquals(2, keys.size()); - - JsonWebKey ecKey = keys.get(0); - assertEquals(7, ecKey.asMap().size()); - validatePrivateEcKey(ecKey); - JsonWebKey rsaKey = keys.get(1); - assertEquals(11, 
rsaKey.asMap().size()); - validatePrivateRsaKey(rsaKey); - } - @Test - public void testEncryptDecryptPrivateSet() throws Exception { - final String password = "Thus from my lips, by yours, my sin is purged."; - Security.addProvider(new BouncyCastleProvider()); - try { - JsonWebKeys jwks = readKeySet("jwkPrivateSet.txt"); - validatePrivateSet(jwks); - String encryptedKeySet = JwkUtils.encryptJwkSet(jwks, password.toCharArray()); - JweCompactConsumer c = new JweCompactConsumer(encryptedKeySet); - assertEquals("jwk-set+json", c.getJweHeaders().getContentType()); - assertEquals(KeyAlgorithm.PBES2_HS256_A128KW, c.getJweHeaders().getKeyEncryptionAlgorithm()); - assertEquals(ContentAlgorithm.A128CBC_HS256, c.getJweHeaders().getContentEncryptionAlgorithm()); - assertNotNull(c.getJweHeaders().getHeader("p2s")); - assertNotNull(c.getJweHeaders().getHeader("p2c")); - jwks = JwkUtils.decryptJwkSet(encryptedKeySet, password.toCharArray()); - validatePrivateSet(jwks); - } finally { - Security.removeProvider(BouncyCastleProvider.class.getName()); - } - } - @Test - public void testEncryptDecryptPrivateKey() throws Exception { - final String password = "Thus from my lips, by yours, my sin is purged."; - final String key = "{\"kty\":\"oct\"," - + "\"alg\":\"A128KW\"," - + "\"k\":\"GawgguFyGrWKav7AX4VKUg\"," - + "\"kid\":\"AesWrapKey\"}"; - Security.addProvider(new BouncyCastleProvider()); - try { - JsonWebKey jwk = readKey(key); - validateSecretAesKey(jwk); - String encryptedKey = JwkUtils.encryptJwkKey(jwk, password.toCharArray()); - JweCompactConsumer c = new JweCompactConsumer(encryptedKey); - assertEquals("jwk+json", c.getJweHeaders().getContentType()); - assertEquals(KeyAlgorithm.PBES2_HS256_A128KW, c.getJweHeaders().getKeyEncryptionAlgorithm()); - assertEquals(ContentAlgorithm.A128CBC_HS256, c.getJweHeaders().getContentEncryptionAlgorithm()); - assertNotNull(c.getJweHeaders().getHeader("p2s")); - assertNotNull(c.getJweHeaders().getHeader("p2c")); - jwk = 
JwkUtils.decryptJwkKey(encryptedKey, password.toCharArray()); - validateSecretAesKey(jwk); - } finally { - Security.removeProvider(BouncyCastleProvider.class.getName()); - } - } - - @Test - public void testSecretSetAsList() throws Exception { - JsonWebKeys jwks = readKeySet("jwkSecretSet.txt"); - List keys = jwks.getKeys(); - assertEquals(2, keys.size()); - JsonWebKey aesKey = keys.get(0); - assertEquals(4, aesKey.asMap().size()); - validateSecretAesKey(aesKey); - JsonWebKey hmacKey = keys.get(1); - assertEquals(4, hmacKey.asMap().size()); - validateSecretHmacKey(hmacKey); - } - - private void validateSecretAesKey(JsonWebKey key) { - assertEquals(AES_SECRET_VALUE, key.getProperty(JsonWebKey.OCTET_KEY_VALUE)); - assertEquals(AES_KID_VALUE, key.getKeyId()); - assertEquals(KeyType.OCTET, key.getKeyType()); - assertEquals(AlgorithmUtils.A128KW_ALGO, key.getAlgorithm()); - } - private void validateSecretHmacKey(JsonWebKey key) { - assertEquals(HMAC_SECRET_VALUE, key.getProperty(JsonWebKey.OCTET_KEY_VALUE)); - assertEquals(HMAC_KID_VALUE, key.getKeyId()); - assertEquals(KeyType.OCTET, key.getKeyType()); - assertEquals(AlgorithmUtils.HMAC_SHA_256_ALGO, key.getAlgorithm()); - } - - private void validatePublicRsaKey(JsonWebKey key) { - assertEquals(RSA_MODULUS_VALUE, key.getProperty(JsonWebKey.RSA_MODULUS)); - assertEquals(RSA_PUBLIC_EXP_VALUE, key.getProperty(JsonWebKey.RSA_PUBLIC_EXP)); - assertEquals(RSA_KID_VALUE, key.getKeyId()); - assertEquals(KeyType.RSA, key.getKeyType()); - assertEquals(AlgorithmUtils.RS_SHA_256_ALGO, key.getAlgorithm()); - } - private void validatePrivateRsaKey(JsonWebKey key) { - validatePublicRsaKey(key); - assertEquals(RSA_PRIVATE_EXP_VALUE, key.getProperty(JsonWebKey.RSA_PRIVATE_EXP)); - assertEquals(RSA_FIRST_PRIME_FACTOR_VALUE, key.getProperty(JsonWebKey.RSA_FIRST_PRIME_FACTOR)); - assertEquals(RSA_SECOND_PRIME_FACTOR_VALUE, key.getProperty(JsonWebKey.RSA_SECOND_PRIME_FACTOR)); - assertEquals(RSA_FIRST_PRIME_CRT_VALUE, 
key.getProperty(JsonWebKey.RSA_FIRST_PRIME_CRT)); - assertEquals(RSA_SECOND_PRIME_CRT_VALUE, key.getProperty(JsonWebKey.RSA_SECOND_PRIME_CRT)); - assertEquals(RSA_FIRST_CRT_COEFFICIENT_VALUE, key.getProperty(JsonWebKey.RSA_FIRST_CRT_COEFFICIENT)); - } - private void validatePublicEcKey(JsonWebKey key) { - assertEquals(EC_X_COORDINATE_VALUE, key.getProperty(JsonWebKey.EC_X_COORDINATE)); - assertEquals(EC_Y_COORDINATE_VALUE, key.getProperty(JsonWebKey.EC_Y_COORDINATE)); - assertEquals(EC_KID_VALUE, key.getKeyId()); - assertEquals(KeyType.EC, key.getKeyType()); - assertEquals(EC_CURVE_VALUE, key.getProperty(JsonWebKey.EC_CURVE)); - assertEquals(PublicKeyUse.ENCRYPT, key.getPublicKeyUse()); - } - private void validatePrivateEcKey(JsonWebKey key) { - validatePublicEcKey(key); - assertEquals(EC_PRIVATE_KEY_VALUE, key.getProperty(JsonWebKey.EC_PRIVATE_KEY)); - } - - public JsonWebKeys readKeySet(String fileName) throws Exception { - InputStream is = JsonWebKeyTest.class.getResourceAsStream(fileName); - String s = IOUtils.readStringFromStream(is); - return JwkUtils.readJwkSet(s); - } - public JsonWebKey readKey(String key) throws Exception { - return JwkUtils.readJwkKey(key); - } -} http://git-wip-us.apache.org/repos/asf/cxf/blob/66a81773/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/JwkUtilsTest.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/JwkUtilsTest.java b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/JwkUtilsTest.java deleted file mode 100644 index 3f62f4f..0000000 --- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/JwkUtilsTest.java +++ /dev/null 
@@ -1,94 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.apache.cxf.rs.security.jose.jwk; - -import org.junit.Assert; -import org.junit.Test; - -public class JwkUtilsTest extends Assert { - private static final String RSA_KEY = "{" - + "\"kty\": \"RSA\"," - + "\"n\": \"0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAt" - + "VT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMstn6" - + "4tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FD" - + "W2QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n9" - + "1CbOpbISD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINH" - + "aQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw\"," - + "\"e\": \"AQAB\"," - + "\"alg\": \"RS256\"," - + "\"kid\": \"2011-04-29\"" - + "}"; - private static final String EC_256_KEY = "{" - + "\"kty\": \"EC\"," - + "\"x\": \"CEuRLUISufhcjrj-32N0Bvl3KPMiHH9iSw4ohN9jxrA\"," - + "\"y\": \"EldWz_iXSK3l_S7n4w_t3baxos7o9yqX0IjzG959vHc\"," - + "\"crv\": \"P-256\"" - + "}"; - private static final String EC_384_KEY = "{" - + "\"kty\": \"EC\"," - + "\"x\": \"2jCG5DmKUql9YPn7F2C-0ljWEbj8O8-vn5Ih1k7Wzb-y3NpBLiG1BiRa392b1kcQ\"," - + "\"y\": \"7Ragi9rT-5tSzaMbJlH_EIJl6rNFfj4V4RyFM5U2z4j1hesX5JXa8dWOsE-5wPIl\"," - 
+ "\"crv\": \"P-384\"" - + "}"; - private static final String EC_521_KEY = "{" - + "\"kty\": \"EC\"," - + "\"x\": \"Aeq3uMrb3iCQEt0PzSeZMmrmYhsKP5DM1oMP6LQzTFQY9-F3Ab45xiK4AJxltXEI-87g3gRwId88hTyHgq180JDt\"," - + "\"y\": \"ARA0lIlrZMEzaXyXE4hjEkc50y_JON3qL7HSae9VuWpOv_2kit8p3pyJBiRb468_U5ztLT7FvDvtimyS42trhDTu\"," - + "\"crv\": \"P-521\"" - + "}"; - private static final String OCTET_KEY_1 = "{" - + "\"kty\": \"oct\"," - + "\"k\": \"ZW8Eg8TiwoT2YamLJfC2leYpLgLmUAh_PcMHqRzBnMg\"" - + "}"; - private static final String OCTET_KEY_2 = "{" - + "\"kty\": \"oct\"," - + "\"k\": \"NGbwp1rC4n85A1SaNxoHow\"" - + "}"; - @Test - public void testRsaKeyThumbprint() throws Exception { - String thumbprint = JwkUtils.getThumbprint(RSA_KEY); - assertEquals("NzbLsXh8uDCcd-6MNwXF4W_7noWXFZAfHkxZsRGC9Xs", thumbprint); - } - @Test - public void testOctetKey1Thumbprint() throws Exception { - String thumbprint = JwkUtils.getThumbprint(OCTET_KEY_1); - assertEquals("7WWD36NF4WCpPaYtK47mM4o0a5CCeOt01JXSuMayv5g", thumbprint); - } - @Test - public void testOctetKey2Thumbprint() throws Exception { - String thumbprint = JwkUtils.getThumbprint(OCTET_KEY_2); - assertEquals("5_qb56G0OJDw-lb5mkDaWS4MwuY0fatkn9LkNqUHqMk", thumbprint); - } - @Test - public void testEc256KeyThumbprint() throws Exception { - String thumbprint = JwkUtils.getThumbprint(EC_256_KEY); - assertEquals("j4UYwo9wrtllSHaoLDJNh7MhVCL8t0t8cGPPzChpYDs", thumbprint); - } - @Test - public void testEc384KeyThumbprint() throws Exception { - String thumbprint = JwkUtils.getThumbprint(EC_384_KEY); - assertEquals("vZtaWIw-zw95JNzzURg1YB7mWNLlm44YZDZzhrPNetM", thumbprint); - } - @Test - public void testEc521KeyThumbprint() throws Exception { - String thumbprint = JwkUtils.getThumbprint(EC_521_KEY); - assertEquals("rz4Ohmpxg-UOWIWqWKHlOe0bHSjNUFlHW5vwG_M7qYg", thumbprint); - } - -} http://git-wip-us.apache.org/repos/asf/cxf/blob/66a81773/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/jwkPrivateSet.txt 
---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/jwkPrivateSet.txt b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/jwkPrivateSet.txt deleted file mode 100644 index cb30c04..0000000 --- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/jwkPrivateSet.txt +++ /dev/null 
@@ -1,23 +0,0 @@ -{"keys": - [ - {"kty":"EC", - "crv":"P-256", - "x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4", - "y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM", - "d":"870MB6gfuTJ4HtUnUvYMyJpr5eUZNP4Bk43bVdj3eAE", - "use":"enc", - "kid":"1"}, - - {"kty":"RSA", - "n":"0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMstn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbISD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw", - "e":"AQAB", - "d":"X4cTteJY_gn4FYPsXB8rdXix5vwsg1FLN5E3EaG6RJoVH-HLLKD9M7dx5oo7GURknchnrRweUkC7hT5fJLM0WbFAKNLWY2vv7B6NqXSzUvxT0_YSfqijwp3RTzlBaCxWp4doFk5N2o8Gy_nHNKroADIkJ46pRUohsXywbReAdYaMwFs9tv8d_cPVY3i07a3t8MN6TNwm0dSawm9v47UiCl3Sk5ZiG7xojPLu4sbg1U2jx4IBTNBznbJSzFHK66jT8bgkuqsk0GjskDJk19Z4qwjwbsnn4j2WBii3RL-Us2lGVkY8fkFzme1z0HbIkfz0Y6mqnOYtqc0X4jfcKoAC8Q", - "p":"83i-7IvMGXoMXCskv73TKr8637FiO7Z27zv8oj6pbWUQyLPQBQxtPVnwD20R-60eTDmD2ujnMt5PoqMrm8RfmNhVWDtjjMmCMjOpSXicFHj7XOuVIYQyqVWlWEh6dN36GVZYk93N8Bc9vY41xy8B9RzzOGVQzXvNEvn7O0nVbfs", - "q":"3dfOR9cuYq-0S-mkFLzgItgMEfFzB2q3hWehMuG0oCuqnb3vobLyumqjVZQO1dIrdwgTnCdpYzBcOfW5r370AFXjiWft_NGEiovonizhKpo9VVS78TzFgxkIdrecRezsZ-1kYd_s1qDbxtkDEgfAITAG9LUnADun4vIcb6yelxk", - "dp":"G4sPXkc6Ya9y8oJW9_ILj4xuppu0lzi_H7VTkS8xj5SdX3coE0oimYwxIi2emTAue0UOa5dpgFGyBJ4c8tQ2VF402XRugKDTP8akYhFo5tAA77Qe_NmtuYZc3C3m3I24G2GvR5sSDxUyAN2zq8Lfn9EUms6rY3Ob8YeiKkTiBj0", - "dq":"s9lAH9fggBsoFR8Oac2R_E2gw282rT2kGOAhvIllETE1efrA6huUUvMfBcMpn8lqeW6vzznYY5SSQF7pMdC_agI3nG8Ibp1BUb0JUiraRNqUfLhcQb_d9GF4Dh7e74WbRsobRonujTYN1xCaP6TO61jvWrX-L18txXw494Q_cgk", - "qi":"GyM_p6JrXySiz1toFgKbWV-JdI3jQ4ypu9rbMWx3rQJBfmt0FoYzgUIZEVFEcOqwemRN81zoDAaa-Bk0KWNGDjJHZDdDmFhW3AN7lI-puxk_mHZGJ11rxyR8O55XLSe3SPmRfKwZI6yU24ZxvQKFYItdldUKGzO6Ia6zTKhAVRU", - "alg":"RS256", - "kid":"2011-04-29"} - ] - } 
http://git-wip-us.apache.org/repos/asf/cxf/blob/66a81773/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/jwkPublicSet.txt ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/jwkPublicSet.txt b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/jwkPublicSet.txt deleted file mode 100644 index 2fd93f6..0000000 --- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/jwkPublicSet.txt +++ /dev/null 
@@ -1,27 +0,0 @@ -{"keys": - [ - {"kty":"EC", - "crv":"P-256", - "x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4", - "y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM", - "use":"enc", - "kid":"1"}, - - {"kty":"RSA", - "n": "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMstn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbISD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw", - "e":"AQAB", - "alg":"RS256", - "kid":"2011-04-29"}, - - { - "kty":"RSA", - "kid":"RSACerts", - "x5c": [ - "MIIE3jCCA8agAwIBAgICAwEwDQYJKoZIhvcNAQEFBQAwYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjExMTYwMTU0MzdaFw0yNjExMTYwMTU0MzdaMIHKMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEaMBgGA1UEChMRR29EYWRkeS5jb20sIEluYy4xMzAxBgNVBAsTKmh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeTEwMC4GA1UEAxMnR28gRGFkZHkgU2VjdXJlIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MREwDwYDVQQFEwgwNzk2OTI4NzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMQt1RWMnCZM7DI161+4WQFapmGBWTtwY6vj3D3HKrjJM9N55DrtPDAjhI6zMBS2sofDPZVUBJ7fmd0LJR4h3mUpfjWoqVTr9vcyOdQmVZWt7/v+WIbXnvQAjYwqDL1CBM6nPwT27oDyqu9SoWlm2r4arV3aLGbqGmu75RpRSgAvSMeYddi5Kcju+GZtCpyz8/x4fKL4o/K1w/O5epHBp+YlLpyo7RJlbmr2EkRTcDCVw5wrWCs9CHRK8r5RsL+H0EwnWGu1NcWdrxcx+AuP7q2BNgWJCJjPOq8lh8BJ6qf9Z/dFjpfMFDniNoW1fho3/Rb2cRGadDAW/hOUoz+EDU8CAwEAAaOCATIwggEuMB0GA1UdDgQWBBT9rGEyk2xF1uLuhV+auud2mWjM5zAfBgNVHSMEGDAWgBTSxLDSkdRMEXGzYcs9of7dqGrU4zA 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", - "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", - "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 tdEy8W9ViH0Pd" - ] - } - - ] - } \ No newline at end of file 
http://git-wip-us.apache.org/repos/asf/cxf/blob/66a81773/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/jwkSecretSet.txt ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/jwkSecretSet.txt b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/jwkSecretSet.txt deleted file mode 100644 index 6520c75..0000000 --- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/jwkSecretSet.txt +++ /dev/null @@ -1,13 +0,0 @@ -{"keys": - [ - {"kty":"oct", - "alg":"A128KW", - "k":"GawgguFyGrWKav7AX4VKUg", - "kid":"AesWrapKey"}, - - {"kty":"oct", - "alg":"HS256", - "k":"AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow", - "kid":"HMACKey"} - ] - } \ No newline at end of file http://git-wip-us.apache.org/repos/asf/cxf/blob/66a81773/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactHeaderTest.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactHeaderTest.java b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactHeaderTest.java deleted file mode 100644 index 39c6d3c..0000000 --- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactHeaderTest.java +++ /dev/null 
@@ -1,203 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.apache.cxf.rs.security.jose.jws; - -import java.util.ArrayList; -import java.util.List; - -import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm; - -import org.junit.Assert; -import org.junit.Test; - -public class JwsCompactHeaderTest extends Assert { - - /** - * JWS string, which lacks the "alg" header field. - * - * => Must be rejected by verification operation, since the spec declares - * that the "alg" header field must be present in the compact serialization. - */ - public static final String MISSING_ALG_HEADER_FIELD_IN_JWS = - "eyAiZ2xhIiA6ICJDQU1IIiB9.eyAibXNnIjogIllvdSBjYW4ndCB0b3VjaCB0aGlzISIgfQ" - + ".Sqd_AuwlPPqv4L1EV4zPuR-HfFJpe9kOfvc597RlcoE"; - - /** - * JWS string, which contains two "alg" header fields. Bogus "alg" header - * field first. - * - * => Must be rejected by verification operation, since the spec declares - * that the "alg" header field must be present once in the compact - * serialization. 
- */ - public static final String TWO_ALG_HEADER_FIELDS_IN_JWS_BOGUS_FIRST = - "eyAiYWxnIjogIkJvZ3VzIiwgImFsZyI6ICJIUzI1NiIgfQ.eyAibXNnIjogIllvdSBjYW4ndCB0b3VjaCB0aGlzISIgfQ" - + ".FIgpDi1Wp9iIxxXfBw8Zce2kiZ8gmqAaVYPduRFR8kU"; - - /** - * JWS string, which contains two "alg" header fields. Bogus "alg" header - * field last. - * - * => Must be rejected by verification operation, since the spec declares - * that the "alg" header field must be present once in the compact - * serialization. - */ - public static final String TWO_ALG_HEADER_FIELDS_IN_JWS_BOGUS_LAST = - "eyAiYWxnIjogIkhTMjU2IiwgImFsZyI6ICJCb2d1cyIgfQ.eyAibXNnIjogIllvdSBjYW4ndCB0b3VjaCB0aGlzISIgfQ" - + ".Ftwla-nAg0Nty8ILVhjlIETOy2Tw1JsD3bBq55AS0PU"; - - /** - * JWS string, which contains an invalid "alg" header field value. - * - * (1): Algorithm not supported/known - * - * => Must be rejected by verification operation, since the spec declares - * that the signature is not valid if the "alg" value does not represent a - * supported algorithm. "alg" values should either be registered in the IANA - * JSON Web Signature and Encryption Algorithms registry defined in JWA or - * be a value that contains a Collision-Resistant Name. - */ - public static final String INVALID_ALG_HEADER_VALUE_IN_JWS_1 = "tba"; - - /** - * JWS string, which contains an invalid "alg" header field value. - * - * (2): Wrong value encoding - * - * => Must be rejected by verification operation, since the spec declares - * that the "alg" value is a case-sensitive string containing a StringOrURI - * value. - */ - public static final String INVALID_ALG_HEADER_VALUE_IN_JWS_2 = "tba"; - - /** - * JWS string, which contains a "alg" header field value of "none". The - * signature has been generated with "HS256" and the signed JWS has been - * altered afterwards to the value "none". - * - * => Must be rejected by verification operation, since the "none" algorithm - * is considered harmful. 
- */ - public static final String ALG_HEADER_VALUE_HS256_IN_JWS = - "eyAiYWxnIjogIkhTMjU2IiB9" - + ".eyAibXNnIjogIllvdSBjYW4ndCB0b3VjaCB0aGlzISIgfQ" - + ".as_gclokwAmukh3zVF1X5sUCCfSc8TbjDdhdvk6C5c8"; - public static final String ALG_HEADER_VALUE_NONE_IN_JWS = - "eyAiYWxnIjogIm5vbmUiIH0" - + ".eyAibXNnIjogIllvdSBjYW4ndCB0b3VjaCB0aGlzISIgfQ" - + ".as_gclokwAmukh3zVF1X5sUCCfSc8TbjDdhdvk6C5c8"; - - - /** - * Support material (keys, etc.) - */ - private static final String ENCODED_MAC_KEY = "AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75" - + "aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow"; - - // JWS string, which contains crit header field - // JWS string, which contains more than three parts - // JWS string, which contains less than three parts - // JWS string, which contains null bytes padding - - @Test - public void verifyJwsWithMissingAlgHeaderField() throws Exception { - JwsCompactConsumer jwsConsumer = new JwsCompactConsumer(MISSING_ALG_HEADER_FIELD_IN_JWS); - - assertFalse(jwsConsumer.verifySignatureWith(new HmacJwsSignatureVerifier(ENCODED_MAC_KEY, - SignatureAlgorithm.HS256))); - } - - @Test - public void verifyJwsWithTwoAlgHeaderFieldsBogusFieldFirst() throws Exception { - JwsCompactConsumer jwsConsumer = new JwsCompactConsumer(TWO_ALG_HEADER_FIELDS_IN_JWS_BOGUS_FIRST); - - boolean result = jwsConsumer.verifySignatureWith(new HmacJwsSignatureVerifier(ENCODED_MAC_KEY, - SignatureAlgorithm.HS256)); - assertFalse(result); - } - - @Test - public void verifyJwsWithTwoAlgHeaderFieldsBogusFieldLast() throws Exception { - JwsCompactConsumer jwsConsumer = new JwsCompactConsumer(TWO_ALG_HEADER_FIELDS_IN_JWS_BOGUS_LAST); - - assertFalse(jwsConsumer.verifySignatureWith(new HmacJwsSignatureVerifier(ENCODED_MAC_KEY, - SignatureAlgorithm.HS256))); - } - - @Test - public void verifyJwsWithAlgHeaderValueNone() throws Exception { - JwsCompactConsumer jwsConsumerOriginal = new JwsCompactConsumer(ALG_HEADER_VALUE_HS256_IN_JWS); - - JwsCompactConsumer jwsConsumerAltered = new 
JwsCompactConsumer(ALG_HEADER_VALUE_NONE_IN_JWS); - - assertTrue(jwsConsumerOriginal.verifySignatureWith(new HmacJwsSignatureVerifier(ENCODED_MAC_KEY, - SignatureAlgorithm.HS256))); - - assertFalse(jwsConsumerAltered.verifySignatureWith(new HmacJwsSignatureVerifier(ENCODED_MAC_KEY, - SignatureAlgorithm.HS256))); - } - - @Test - public void testCriticalHeader() { - String payload = "this is a JWS with critical header"; - String criticalParameter = "criticalParameter"; - String criticalParameter1 = "criticalParameter1"; - String criticalParameter2 = "criticalParameter2"; - String criticalParameter3 = "criticalParameter3"; - String criticalValue = "criticalValue"; - String criticalValue1 = "criticalValue1"; - String criticalValue2 = "criticalValue2"; - String criticalValue3 = "criticalValue3"; - JwsCompactProducer producer = new JwsCompactProducer(payload); - producer.getJwsHeaders().setSignatureAlgorithm(SignatureAlgorithm.HS512); - List criticalHeader = new ArrayList(); - criticalHeader.add(criticalParameter1); - producer.getJwsHeaders().setCritical(criticalHeader); - producer.signWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY, SignatureAlgorithm.HS256)); - String signedJws = producer.getSignedEncodedJws(); - JwsCompactConsumer consumer = new JwsCompactConsumer(signedJws); - assertFalse(consumer.validateCriticalHeaders()); - - criticalHeader.add(criticalParameter2); - criticalHeader.add(criticalParameter3); - producer = new JwsCompactProducer(payload); - producer.getJwsHeaders().setSignatureAlgorithm(SignatureAlgorithm.HS512); - producer.getJwsHeaders().setCritical(criticalHeader); - producer.getJwsHeaders().setHeader(criticalParameter1, criticalValue1); - producer.getJwsHeaders().setHeader(criticalParameter2, criticalValue2); - producer.getJwsHeaders().setHeader(criticalParameter3, criticalValue3); - producer.signWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY, SignatureAlgorithm.HS256)); - signedJws = producer.getSignedEncodedJws(); - consumer = new 
JwsCompactConsumer(signedJws); - assertTrue(consumer.validateCriticalHeaders()); - - criticalHeader = new ArrayList(); - criticalHeader.add(criticalParameter); - criticalHeader.add(criticalParameter); - producer = new JwsCompactProducer(payload); - producer.getJwsHeaders().setSignatureAlgorithm(SignatureAlgorithm.HS512); - producer.getJwsHeaders().setHeader(criticalParameter, criticalValue); - producer.getJwsHeaders().setCritical(criticalHeader); - producer.signWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY, SignatureAlgorithm.HS256)); - signedJws = producer.getSignedEncodedJws(); - consumer = new JwsCompactConsumer(signedJws); - assertFalse(consumer.validateCriticalHeaders()); - } -} - http://git-wip-us.apache.org/repos/asf/cxf/blob/66a81773/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java deleted file mode 100644 index 64f04ce..0000000 --- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java +++ /dev/null 
@@ -1,307 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jws;
-
-import java.security.PrivateKey;
-import java.security.Security;
-import java.security.interfaces.ECPrivateKey;
-import java.security.interfaces.ECPublicKey;
-import java.security.interfaces.RSAPublicKey;
-import java.util.Arrays;
-import java.util.LinkedHashMap;
-import java.util.List;
-import java.util.Map;
-
-import org.apache.cxf.rs.security.jose.JoseConstants;
-import org.apache.cxf.rs.security.jose.JoseHeaders;
-import org.apache.cxf.rs.security.jose.JoseType;
-import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
-import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
-import org.apache.cxf.rs.security.jose.jwk.KeyOperation;
-import org.apache.cxf.rs.security.jose.jwk.KeyType;
-import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
-import org.apache.cxf.rs.security.jose.jwt.JwtToken;
-import org.apache.cxf.rs.security.jose.jwt.JwtTokenReaderWriter;
-import org.apache.cxf.rt.security.crypto.CryptoUtils;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-
-import org.junit.Assert;
-import org.junit.Test;
-
-public class JwsCompactReaderWriterTest extends Assert {
-
-
public static final String TOKEN_WITH_DETACHED_UNENCODED_PAYLOAD =
- "eyJhbGciOiJIUzI1NiIsImI2NCI6ZmFsc2V9..GsyM6AQJbQHY8aQKCbZSPJHzMRWo3HKIlcDuXof7nqs";
- public static final String UNSIGNED_PLAIN_DOCUMENT = "$.02";
-
- public static final String ENCODED_TOKEN_SIGNED_BY_MAC =
- "eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9"
- + ".eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ"
- + ".dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk";
-
-
- private static final String ENCODED_MAC_KEY = "AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75"
- + "aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow";
-
- private static final String ENCODED_TOKEN_WITH_JSON_KEY_SIGNED_BY_MAC =
- "eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIU"
- + "zI1NiIsDQogImp3ayI6eyJrdHkiOiJvY3QiLA0KICJrZXlfb3BzIjpbDQogInNpZ24iLA0KICJ2ZXJpZnkiDQogXX19"
- + ".eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ"
- + ".8cFZqb15gEDYRZqSzUu23nQnKNynru1ADByRPvmmOq8";
-
- private static final String RSA_MODULUS_ENCODED = "ofgWCuLjybRlzo0tZWJjNiuSfb4p4fAkd_wWJcyQoTbji9k0l8W26mPddx"
- + "HmfHQp-Vaw-4qPCJrcS2mJPMEzP1Pt0Bm4d4QlL-yRT-SFd2lZS-pCgNMs"
- + "D1W_YpRPEwOWvG6b32690r2jZ47soMZo9wGzjb_7OMg0LOL-bSf63kpaSH"
- + "SXndS5z5rexMdbBYUsLA9e-KXBdQOS-UTo7WTBEMa2R2CapHg665xsmtdV"
- + "MTBQY4uDZlxvb3qCo5ZwKh9kG4LT6_I5IhlJH7aGhyxXFvUK-DWNmoudF8"
- + "NAco9_h9iaGNj8q2ethFkMLs91kzk2PAcDTW9gb54h4FRWyuXpoQ";
- private static final String RSA_PUBLIC_EXPONENT_ENCODED = "AQAB";
- private static final String RSA_PRIVATE_EXPONENT_ENCODED =
- "Eq5xpGnNCivDflJsRQBXHx1hdR1k6Ulwe2JZD50LpXyWPEAeP88vLNO97I"
- + "jlA7_GQ5sLKMgvfTeXZx9SE-7YwVol2NXOoAJe46sui395IW_GO-pWJ1O0"
- + "BkTGoVEn2bKVRUCgu-GjBVaYLU6f3l9kJfFNS3E0QbVdxzubSu3Mkqzjkn"
- + "439X0M_V51gfpRLI9JYanrC4D4qAdGcopV_0ZHHzQlBjudU2QvXt4ehNYT"
- + "CBr6XCLQUShb1juUO1ZdiYoFaFQT5Tw8bGUl_x_jTj3ccPDVZFD9pIuhLh"
- + "BOneufuBiB4cS98l2SR_RQyGWSeWjnczT0QU91p1DhOVRuOopznQ";
- private static final String
ENCODED_TOKEN_SIGNED_BY_PRIVATE_KEY =
- "eyJhbGciOiJSUzI1NiJ9"
- + "."
- + "eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFt"
- + "cGxlLmNvbS9pc19yb290Ijp0cnVlfQ"
- + "."
- + "cC4hiUPoj9Eetdgtv3hF80EGrhuB__dzERat0XF9g2VtQgr9PJbu3XOiZj5RZmh7"
- + "AAuHIm4Bh-0Qc_lF5YKt_O8W2Fp5jujGbds9uJdbF9CUAr7t1dnZcAcQjbKBYNX4"
- + "BAynRFdiuB--f_nZLgrnbyTyWzO75vRK5h6xBArLIARNPvkSjtQBMHlb1L07Qe7K"
- + "0GarZRmB_eSN9383LcOLn6_dO--xi12jzDwusC-eOkHWEsqtFZESc6BfI7noOPqv"
- + "hJ1phCnvWh6IeYI2w9QOYEUipUTI8np6LbgGY9Fs98rqVt5AXLIhWkWywlVmtVrB"
- + "p0igcN_IoypGlUPQGe77Rw";
-
- private static final String EC_PRIVATE_KEY_ENCODED =
- "jpsQnnGQmL-YBIffH1136cspYG6-0iY7X1fCE9-E9LI";
- private static final String EC_X_POINT_ENCODED =
- "f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU";
- private static final String EC_Y_POINT_ENCODED =
- "x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0";
- @Test
- public void testWriteJwsSignedByMacSpecExample() throws Exception {
- JwsHeaders headers = new JwsHeaders();
- headers.setType(JoseType.JWT);
- headers.setSignatureAlgorithm(SignatureAlgorithm.HS256);
- JwsCompactProducer jws = initSpecJwtTokenWriter(headers);
- jws.signWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY, SignatureAlgorithm.HS256));
-
- assertEquals(ENCODED_TOKEN_SIGNED_BY_MAC, jws.getSignedEncodedJws());
- }
- @Test
- public void testWriteReadJwsUnencodedPayload() throws Exception {
- JwsHeaders headers = new JwsHeaders(SignatureAlgorithm.HS256);
- headers.setPayloadEncodingStatus(false);
- JwsCompactProducer producer = new JwsCompactProducer(headers,
- UNSIGNED_PLAIN_DOCUMENT,
- true);
- producer.signWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY, SignatureAlgorithm.HS256));
- assertEquals(TOKEN_WITH_DETACHED_UNENCODED_PAYLOAD, producer.getSignedEncodedJws());
- JwsCompactConsumer consumer =
- new JwsCompactConsumer(TOKEN_WITH_DETACHED_UNENCODED_PAYLOAD, UNSIGNED_PLAIN_DOCUMENT);
-
- assertTrue(consumer.verifySignatureWith(
- new HmacJwsSignatureVerifier(ENCODED_MAC_KEY,
-
SignatureAlgorithm.HS256)));
- }
- @Test
- public void testWriteReadJwsUnsigned() throws Exception {
- JwsHeaders headers = new JwsHeaders(JoseType.JWT);
- headers.setSignatureAlgorithm(SignatureAlgorithm.NONE);
-
- JwtClaims claims = new JwtClaims();
- claims.setIssuer("https://jwt-idp.example.com");
- claims.setSubject("mailto:mike@example.com");
- claims.setAudience("https://jwt-rp.example.net");
- claims.setNotBefore(1300815780L);
- claims.setExpiryTime(1300819380L);
- claims.setClaim("http://claims.example.com/member", true);
-
- JwsCompactProducer writer = new JwsJwtCompactProducer(headers, claims);
- String signed = writer.getSignedEncodedJws();
-
- JwsJwtCompactConsumer reader = new JwsJwtCompactConsumer(signed);
- assertEquals(0, reader.getDecodedSignature().length);
-
- JwtToken token = reader.getJwtToken();
- assertEquals(new JwtToken(headers, claims), token);
- }
-
- @Test
- public void testReadJwsSignedByMacSpecExample() throws Exception {
- JwsJwtCompactConsumer jws = new JwsJwtCompactConsumer(ENCODED_TOKEN_SIGNED_BY_MAC);
- assertTrue(jws.verifySignatureWith(new HmacJwsSignatureVerifier(ENCODED_MAC_KEY,
- SignatureAlgorithm.HS256)));
- JwtToken token = jws.getJwtToken();
- JwsHeaders headers = new JwsHeaders(token.getHeaders());
- assertEquals(JoseType.JWT, headers.getType());
- assertEquals(SignatureAlgorithm.HS256, headers.getSignatureAlgorithm());
- validateSpecClaim(token.getClaims());
- }
-
- @Test
- public void testWriteJwsWithJwkSignedByMac() throws Exception {
- JsonWebKey key = new JsonWebKey();
- key.setKeyType(KeyType.OCTET);
- key.setKeyOperation(Arrays.asList(
- new KeyOperation[]{KeyOperation.SIGN, KeyOperation.VERIFY}));
- doTestWriteJwsWithJwkSignedByMac(key);
- }
-
- @Test
- public void testWriteJwsWithJwkAsMapSignedByMac() throws Exception {
- Map map = new LinkedHashMap();
- map.put(JsonWebKey.KEY_TYPE, JsonWebKey.KEY_TYPE_OCTET);
- map.put(JsonWebKey.KEY_OPERATIONS,
- new KeyOperation[]{KeyOperation.SIGN, KeyOperation.VERIFY});
-
doTestWriteJwsWithJwkSignedByMac(map);
- }
-
- private void doTestWriteJwsWithJwkSignedByMac(Object jsonWebKey) throws Exception {
- JwsHeaders headers = new JwsHeaders();
- headers.setType(JoseType.JWT);
- headers.setSignatureAlgorithm(SignatureAlgorithm.HS256);
- headers.setHeader(JoseConstants.HEADER_JSON_WEB_KEY, jsonWebKey);
-
- JwtClaims claims = new JwtClaims();
- claims.setIssuer("joe");
- claims.setExpiryTime(1300819380L);
- claims.setClaim("http://example.com/is_root", Boolean.TRUE);
-
- JwtToken token = new JwtToken(headers, claims);
- JwsCompactProducer jws = new JwsJwtCompactProducer(token, getWriter());
- jws.signWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY, SignatureAlgorithm.HS256));
-
- assertEquals(ENCODED_TOKEN_WITH_JSON_KEY_SIGNED_BY_MAC, jws.getSignedEncodedJws());
- }
-
- @Test
- public void testReadJwsWithJwkSignedByMac() throws Exception {
- JwsJwtCompactConsumer jws = new JwsJwtCompactConsumer(ENCODED_TOKEN_WITH_JSON_KEY_SIGNED_BY_MAC);
- assertTrue(jws.verifySignatureWith(new HmacJwsSignatureVerifier(ENCODED_MAC_KEY,
- SignatureAlgorithm.HS256)));
- JwtToken token = jws.getJwtToken();
- JwsHeaders headers = new JwsHeaders(token.getHeaders());
- assertEquals(JoseType.JWT, headers.getType());
- assertEquals(SignatureAlgorithm.HS256, headers.getSignatureAlgorithm());
-
- JsonWebKey key = headers.getJsonWebKey();
- assertEquals(KeyType.OCTET, key.getKeyType());
- List keyOps = key.getKeyOperation();
- assertEquals(2, keyOps.size());
- assertEquals(KeyOperation.SIGN, keyOps.get(0));
- assertEquals(KeyOperation.VERIFY, keyOps.get(1));
-
- validateSpecClaim(token.getClaims());
- }
-
- private void validateSpecClaim(JwtClaims claims) {
- assertEquals("joe", claims.getIssuer());
- assertEquals(Long.valueOf(1300819380), claims.getExpiryTime());
- assertEquals(Boolean.TRUE, claims.getClaim("http://example.com/is_root"));
- }
-
- @Test
- public void testWriteJwsSignedByPrivateKey() throws Exception {
- JwsHeaders headers = new JwsHeaders();
-
headers.setSignatureAlgorithm(SignatureAlgorithm.RS256);
- JwsCompactProducer jws = initSpecJwtTokenWriter(headers);
- PrivateKey key = CryptoUtils.getRSAPrivateKey(RSA_MODULUS_ENCODED, RSA_PRIVATE_EXPONENT_ENCODED);
- jws.signWith(new PrivateKeyJwsSignatureProvider(key, SignatureAlgorithm.RS256));
-
- assertEquals(ENCODED_TOKEN_SIGNED_BY_PRIVATE_KEY, jws.getSignedEncodedJws());
- }
- @Test
- public void testJwsPsSha() throws Exception {
- Security.addProvider(new BouncyCastleProvider());
- try {
- JwsHeaders outHeaders = new JwsHeaders();
- outHeaders.setSignatureAlgorithm(SignatureAlgorithm.PS256);
- JwsCompactProducer producer = initSpecJwtTokenWriter(outHeaders);
- PrivateKey privateKey = CryptoUtils.getRSAPrivateKey(RSA_MODULUS_ENCODED, RSA_PRIVATE_EXPONENT_ENCODED);
- String signed = producer.signWith(
- new PrivateKeyJwsSignatureProvider(privateKey, SignatureAlgorithm.PS256));
-
- JwsJwtCompactConsumer jws = new JwsJwtCompactConsumer(signed);
- RSAPublicKey key = CryptoUtils.getRSAPublicKey(RSA_MODULUS_ENCODED, RSA_PUBLIC_EXPONENT_ENCODED);
- assertTrue(jws.verifySignatureWith(new PublicKeyJwsSignatureVerifier(key, SignatureAlgorithm.PS256)));
- JwtToken token = jws.getJwtToken();
- JwsHeaders inHeaders = new JwsHeaders(token.getHeaders());
- assertEquals(SignatureAlgorithm.PS256,
- inHeaders.getSignatureAlgorithm());
- validateSpecClaim(token.getClaims());
- } finally {
- Security.removeProvider(BouncyCastleProvider.class.getName());
- }
- }
-
- @Test
- public void testWriteReadJwsSignedByESPrivateKey() throws Exception {
- JwsHeaders headers = new JwsHeaders();
- headers.setSignatureAlgorithm(SignatureAlgorithm.ES256);
- JwsCompactProducer jws = initSpecJwtTokenWriter(headers);
- ECPrivateKey privateKey = CryptoUtils.getECPrivateKey(JsonWebKey.EC_CURVE_P256,
- EC_PRIVATE_KEY_ENCODED);
- jws.signWith(new EcDsaJwsSignatureProvider(privateKey, SignatureAlgorithm.ES256));
- String signedJws = jws.getSignedEncodedJws();
-
- ECPublicKey publicKey =
CryptoUtils.getECPublicKey(JsonWebKey.EC_CURVE_P256,
- EC_X_POINT_ENCODED,
- EC_Y_POINT_ENCODED);
- JwsJwtCompactConsumer jwsConsumer = new JwsJwtCompactConsumer(signedJws);
- assertTrue(jwsConsumer.verifySignatureWith(new EcDsaJwsSignatureVerifier(publicKey,
- SignatureAlgorithm.ES256)));
- JwtToken token = jwsConsumer.getJwtToken();
- JwsHeaders headersReceived = new JwsHeaders(token.getHeaders());
- assertEquals(SignatureAlgorithm.ES256, headersReceived.getSignatureAlgorithm());
- validateSpecClaim(token.getClaims());
- }
-
- @Test
- public void testReadJwsSignedByPrivateKey() throws Exception {
- JwsJwtCompactConsumer jws = new JwsJwtCompactConsumer(ENCODED_TOKEN_SIGNED_BY_PRIVATE_KEY);
- RSAPublicKey key = CryptoUtils.getRSAPublicKey(RSA_MODULUS_ENCODED, RSA_PUBLIC_EXPONENT_ENCODED);
- assertTrue(jws.verifySignatureWith(new PublicKeyJwsSignatureVerifier(key, SignatureAlgorithm.RS256)));
- JwtToken token = jws.getJwtToken();
- JwsHeaders headers = new JwsHeaders(token.getHeaders());
- assertEquals(SignatureAlgorithm.RS256, headers.getSignatureAlgorithm());
- validateSpecClaim(token.getClaims());
- }
-
- private JwsCompactProducer initSpecJwtTokenWriter(JoseHeaders headers) throws Exception {
-
- JwtClaims claims = new JwtClaims();
- claims.setIssuer("joe");
- claims.setExpiryTime(1300819380L);
- claims.setClaim("http://example.com/is_root", Boolean.TRUE);
-
- JwtToken token = new JwtToken(headers, claims);
- return new JwsJwtCompactProducer(token, getWriter());
- }
-
-
- private JwtTokenReaderWriter getWriter() {
- JwtTokenReaderWriter jsonWriter = new JwtTokenReaderWriter();
- jsonWriter.setFormat(true);
- return jsonWriter;
- }
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/66a81773/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumerTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumerTest.java b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumerTest.java
deleted file mode 100644
index 0faed8b..0000000
--- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumerTest.java
+++ /dev/null
@@ -1,89 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jws;
-
-import java.io.InputStream;
-import java.util.List;
-
-import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
-import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
-import org.apache.cxf.rs.security.jose.jwk.JsonWebKeys;
-import org.apache.cxf.rs.security.jose.jwk.JwkUtils;
-
-import org.junit.Assert;
-import org.junit.Test;
-
-public class JwsJsonConsumerTest extends Assert {
- private static final String DUAL_SIGNED_DOCUMENT =
- "{\"payload\":\n"
- + "\t\"eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ\",\n"
- + "\t\"signatures\":[\n"
- + "\t\t\t{\"protected\":\"eyJhbGciOiJSUzI1NiJ9\",\n"
- + "\t\t\t \"header\":\n"
- + "\t\t\t\t{\"kid\":\"2010-12-29\"},\n"
- + "\t\t\t \"signature\":\n"
- + "\t\t\t\t\"cC4hiUPoj9Eetdgtv3hF80EGrhuB__dzERat0XF9g2VtQgr9PJbu3XOiZj5RZmh7AAuHIm4Bh-0Qc_lF5YKt_O8W2Fp5"
- + "jujGbds9uJdbF9CUAr7t1dnZcAcQjbKBYNX4BAynRFdiuB--f_nZLgrnbyTyWzO75vRK5h6xBArLIARNPvkSjtQBMHlb"
- + "1L07Qe7K0GarZRmB_eSN9383LcOLn6_dO--xi12jzDwusC-eOkHWEsqtFZESc6BfI7noOPqvhJ1phCnvWh6IeYI2w9QOY"
- +
"EUipUTI8np6LbgGY9Fs98rqVt5AXLIhWkWywlVmtVrBp0igcN_IoypGlUPQGe77Rw\"},\n"
- + "\t\t\t{\"protected\":\"eyJhbGciOiJFUzI1NiJ9\",\n"
- + "\t\t\t \"header\":\n"
- + "\t\t\t\t{\"kid\":\"e9bc097a-ce51-4036-9562-d2ade882db0d\"},\n"
- + "\t\t\t \"signature\":\n"
- + "\t\t\t\t\"DtEhU3ljbEg8L38VWAfUAqOyKAM6-Xx-F4GawxaepmXFCgfTjDxw5djxLa8ISlSApmWQxfKTUJqPP3-Kg6NU1Q\"}]\n"
- + "}";
-
- private static final String KID_OF_THE_FIRST_SIGNER = "2010-12-29";
- private static final String KID_OF_THE_SECOND_SIGNER = "e9bc097a-ce51-4036-9562-d2ade882db0d";
-
- @Test
- public void testVerifySignedWithProtectedHeaderOnlyUnencodedPayload() {
- JwsJsonConsumer consumer =
- new JwsJsonConsumer(JwsJsonProducerTest.SIGNED_JWS_JSON_FLAT_UNENCODED_DOCUMENT);
- assertEquals(JwsJsonProducerTest.UNSIGNED_PLAIN_DOCUMENT, consumer.getJwsPayload());
- assertEquals(JwsJsonProducerTest.UNSIGNED_PLAIN_DOCUMENT, consumer.getDecodedJwsPayload());
- assertTrue(consumer.verifySignatureWith(
- new HmacJwsSignatureVerifier(JwsJsonProducerTest.ENCODED_MAC_KEY_1, SignatureAlgorithm.HS256)));
- }
-
- @Test
- public void testVerifyDualSignedDocument() throws Exception {
- JwsJsonConsumer consumer = new JwsJsonConsumer(DUAL_SIGNED_DOCUMENT);
- JsonWebKeys jwks = readKeySet("jwkPublicJsonConsumerSet.txt");
-
- List sigEntries = consumer.getSignatureEntries();
- assertEquals(2, sigEntries.size());
- // 1st signature
- String firstKid = (String)sigEntries.get(0).getKeyId();
- assertEquals(KID_OF_THE_FIRST_SIGNER, firstKid);
- JsonWebKey rsaKey = jwks.getKey(firstKid);
- assertNotNull(rsaKey);
- assertTrue(sigEntries.get(0).verifySignatureWith(rsaKey));
- // 2nd signature
- String secondKid = (String)sigEntries.get(1).getKeyId();
- assertEquals(KID_OF_THE_SECOND_SIGNER, secondKid);
- JsonWebKey ecKey = jwks.getKey(secondKid);
- assertNotNull(ecKey);
- assertTrue(sigEntries.get(1).verifySignatureWith(ecKey));
- }
- public JsonWebKeys readKeySet(String fileName) throws Exception {
- InputStream is =
JwsJsonConsumerTest.class.getResourceAsStream(fileName);
- return JwkUtils.readJwkSet(is);
- }
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/66a81773/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducerTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducerTest.java b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducerTest.java
deleted file mode 100644
index 5895dcb..0000000
--- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducerTest.java
+++ /dev/null
@@ -1,126 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jws;
-import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
-
-import org.junit.Assert;
-import org.junit.Test;
-
-public class JwsJsonProducerTest extends Assert {
-
- public static final String ENCODED_MAC_KEY_1 = "AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75"
- + "aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow";
-
- public static final String ENCODED_MAC_KEY_2 = "09Y_RK7l5rAY9QY7EblYQNuYbu9cy1j7ovCbkeIyAKN8LIeRL-3H8g"
- + "c8kZSYzAQ1uTRC_egZ_8cgZSZa9T5nmQ";
-
- public static final String UNSIGNED_PLAIN_JSON_DOCUMENT = "{"
- + " \"from\": \"user\"," + " \"to\": \"developer\","
- + " \"msg\": \"good job!\" " + "}";
-
- public static final String UNSIGNED_PLAIN_DOCUMENT = "$.02";
-
- public static final String UNSIGNED_PLAIN_JSON_DOCUMENT_AS_B64URL = "eyAiZnJvbSI6ICJ1c2VyIiwgInRvIjogI"
- + "mRldmVsb3BlciIsICJtc2ciOiAiZ29vZCBqb2IhIiB9";
-
-
- public static final String SIGNED_JWS_JSON_DOCUMENT = "{"
- + "\"payload\":\""
- + UNSIGNED_PLAIN_JSON_DOCUMENT_AS_B64URL
- + "\",\"signatures\":[{\"protected\":\"eyJhbGciOiJIUzI1NiJ9\",\"signature\":"
- + "\"NNksREOsFCI1nUQEqzCe6XZFa-bRAge2XXMMAU2Jj2I\"}]}";
-
- public static final String SIGNED_JWS_JSON_FLAT_DOCUMENT = "{"
- + "\"payload\":\""
- + UNSIGNED_PLAIN_JSON_DOCUMENT_AS_B64URL
- + "\",\"protected\":\"eyJhbGciOiJIUzI1NiJ9\",\"signature\":"
- + "\"NNksREOsFCI1nUQEqzCe6XZFa-bRAge2XXMMAU2Jj2I\"}";
-
- public static final String SIGNED_JWS_JSON_FLAT_UNENCODED_DOCUMENT = "{"
- + "\"payload\":\"" + UNSIGNED_PLAIN_DOCUMENT + "\","
- + "\"protected\":\"eyJhbGciOiJIUzI1NiIsImI2NCI6ZmFsc2V9\","
- + "\"signature\":" + "\"GsyM6AQJbQHY8aQKCbZSPJHzMRWo3HKIlcDuXof7nqs\"}";
-
- public static final String DUAL_SIGNED_JWS_JSON_DOCUMENT = "{"
- + "\"payload\":\""
- + UNSIGNED_PLAIN_JSON_DOCUMENT_AS_B64URL
- + "\",\"signatures\":[{\"protected\":\"eyJhbGciOiJIUzI1NiJ9\","
- + "\"signature\":\"NNksREOsFCI1nUQEqzCe6XZFa-bRAge2XXMMAU2Jj2I\"},"
- + "{\"protected\":\"eyJhbGciOiJIUzI1NiJ9\","
- + "\"signature\":\"KY2r_Gubar7G86fVyrA7I2-69KA7faKDmebfCCmibdI\"}]}";
-
- @Test
- public void testSignPlainJsonDocumentPayloadConstruction() {
- JwsJsonProducer producer = new JwsJsonProducer(UNSIGNED_PLAIN_JSON_DOCUMENT);
-
- assertEquals(UNSIGNED_PLAIN_JSON_DOCUMENT_AS_B64URL,
- producer.getUnsignedEncodedPayload());
- }
-
-
- @Test
- public void testSignWithProtectedHeaderOnly() {
- JwsJsonProducer producer = new JwsJsonProducer(UNSIGNED_PLAIN_JSON_DOCUMENT);
- JwsHeaders headerEntries = new JwsHeaders();
- headerEntries.setSignatureAlgorithm(SignatureAlgorithm.HS256);
-
- producer.signWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY_1, SignatureAlgorithm.HS256),
- headerEntries);
- assertEquals(SIGNED_JWS_JSON_DOCUMENT,
- producer.getJwsJsonSignedDocument());
- }
- @Test
- public void testSignWithProtectedHeaderOnlyUnencodedPayload() {
- JwsJsonProducer producer = new JwsJsonProducer(UNSIGNED_PLAIN_DOCUMENT, true);
- JwsHeaders headers = new JwsHeaders();
- headers.setSignatureAlgorithm(SignatureAlgorithm.HS256);
- headers.setPayloadEncodingStatus(false);
-
-
- producer.signWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY_1,
SignatureAlgorithm.HS256),
- headers);
- assertEquals(SIGNED_JWS_JSON_FLAT_UNENCODED_DOCUMENT,
- producer.getJwsJsonSignedDocument());
- }
- @Test
- public void testSignWithProtectedHeaderOnlyFlat() {
- JwsJsonProducer producer = new JwsJsonProducer(UNSIGNED_PLAIN_JSON_DOCUMENT, true);
- JwsHeaders headerEntries = new JwsHeaders();
- headerEntries.setSignatureAlgorithm(SignatureAlgorithm.HS256);
-
- producer.signWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY_1, SignatureAlgorithm.HS256),
- headerEntries);
- assertEquals(SIGNED_JWS_JSON_FLAT_DOCUMENT,
- producer.getJwsJsonSignedDocument());
- }
- @Test
- public void testDualSignWithProtectedHeaderOnly() {
- JwsJsonProducer producer = new JwsJsonProducer(UNSIGNED_PLAIN_JSON_DOCUMENT);
- JwsHeaders headerEntries = new JwsHeaders();
- headerEntries.setSignatureAlgorithm(SignatureAlgorithm.HS256);
-
- producer.signWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY_1, SignatureAlgorithm.HS256),
- headerEntries);
- producer.signWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY_2, SignatureAlgorithm.HS256),
- headerEntries);
- assertEquals(DUAL_SIGNED_JWS_JSON_DOCUMENT,
- producer.getJwsJsonSignedDocument());
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/66a81773/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/jwkPublicJsonConsumerSet.txt
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/jwkPublicJsonConsumerSet.txt b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/jwkPublicJsonConsumerSet.txt
deleted file mode 100644
index ba8e723..0000000
--- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/jwkPublicJsonConsumerSet.txt
+++ /dev/null
@@ -1,18 +0,0 @@
-{"keys":
- [
- {"kty":"RSA",
- "n": "ofgWCuLjybRlzo0tZWJjNiuSfb4p4fAkd_wWJcyQoTbji9k0l8W26mPddxHmfHQp-Vaw-4qPCJrcS2mJPMEzP1Pt0Bm4d4QlL-yRT-SFd2lZS-pCgNMsD1W_YpRPEwOWvG6b32690r2jZ47soMZo9wGzjb_7OMg0LOL-bSf63kpaSHSXndS5z5rexMdbBYUsLA9e-KXBdQOS-UTo7WTBEMa2R2CapHg665xsmtdVMTBQY4uDZlxvb3qCo5ZwKh9kG4LT6_I5IhlJH7aGhyxXFvUK-DWNmoudF8NAco9_h9iaGNj8q2ethFkMLs91kzk2PAcDTW9gb54h4FRWyuXpoQ",
- "e":"AQAB",
- "alg":"RS256",
- "kid":"2010-12-29"},
-
- {"kty":"EC",
- "alg":"ES256",
- "crv":"P-256",
- "x":"f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU",
- "y":"x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0",
- "kid":"e9bc097a-ce51-4036-9562-d2ade882db0d"
- }
-
- ]
- }
\ No newline at end of file