From: coheigea@apache.org To: commits@cxf.apache.org Date: Thu, 12 Nov 2015 12:22:09 -0000 Message-Id: <82167e345ff54829b52e85289a77d50c@git.apache.org> In-Reply-To: References: X-Mailer: ASF-Git Admin Mailer Subject: [2/3] cxf git commit: Adding more sig/enc tests for JWT tokens in the STS Adding more sig/enc tests for JWT tokens in the STS Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/cd9d69a3 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/cd9d69a3 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/cd9d69a3 Branch: refs/heads/3.1.x-fixes Commit: cd9d69a3c92e2c23b85e44bfbfe973c029870e78 Parents: 2cfc6a9 Author: Colm O hEigeartaigh Authored: Thu Nov 12 10:40:12 2015 +0000 Committer: Colm O hEigeartaigh Committed: Thu Nov 12 12:22:02 2015 +0000 ---------------------------------------------------------------------- .../token/provider/JWTTokenProviderTest.java | 93 ++++++++++++++++++++ 1 file changed, 93 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/cd9d69a3/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/JWTTokenProviderTest.java ---------------------------------------------------------------------- diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/JWTTokenProviderTest.java b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/JWTTokenProviderTest.java index 2af75c2..51ef210 100644 --- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/JWTTokenProviderTest.java +++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/JWTTokenProviderTest.java 
@@ -27,6 +27,7 @@ import org.apache.cxf.jaxws.context.WebServiceContextImpl;
 import org.apache.cxf.jaxws.context.WrappedMessageContext;
 import org.apache.cxf.message.MessageImpl;
 import org.apache.cxf.rs.security.jose.common.JoseConstants;
+import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
 import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
 import org.apache.cxf.rs.security.jose.jwe.JweDecryptionOutput;
 import org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider;
@@ -35,6 +36,7 @@ import org.apache.cxf.rs.security.jose.jwe.JweUtils;
 import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer;
 import org.apache.cxf.rs.security.jose.jwt.JwtConstants;
 import org.apache.cxf.rs.security.jose.jwt.JwtToken;
+import org.apache.cxf.sts.SignatureProperties;
 import org.apache.cxf.sts.StaticSTSProperties;
 import org.apache.cxf.sts.cache.DefaultInMemoryTokenStore;
 import org.apache.cxf.sts.common.PasswordCallbackHandler;
@@ -128,6 +130,46 @@ public class JWTTokenProviderTest extends org.junit.Assert {
 }
 @org.junit.Test
+ public void testCreateSignedPSJWT() throws Exception {
+ TokenProvider jwtTokenProvider = new JWTTokenProvider();
+ ((JWTTokenProvider)jwtTokenProvider).setSignToken(true);
+
+ TokenProviderParameters providerParameters = createProviderParameters();
+ SignatureProperties sigProps = new SignatureProperties();
+ sigProps.setSignatureAlgorithm(SignatureAlgorithm.PS256.name());
+ providerParameters.getStsProperties().setSignatureProperties(sigProps);
+
+ assertTrue(jwtTokenProvider.canHandleToken(JWTTokenProvider.JWT_TOKEN_TYPE));
+ TokenProviderResponse providerResponse = jwtTokenProvider.createToken(providerParameters);
+ assertTrue(providerResponse != null);
+ assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
+
+ String token = (String)providerResponse.getToken();
+ assertNotNull(token);
+ assertTrue(token.split("\\.").length == 3);
+
+ // Validate the token
+ JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(token);
+ JwtToken jwt = jwtConsumer.getJwtToken();
+ Assert.assertEquals("alice", jwt.getClaim(JwtConstants.CLAIM_SUBJECT));
+ Assert.assertEquals(providerResponse.getTokenId(), jwt.getClaim(JwtConstants.CLAIM_JWT_ID));
+ Assert.assertEquals(providerResponse.getCreated().getTime() / 1000L,
+ jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT));
+ Assert.assertEquals(providerResponse.getExpires().getTime() / 1000L,
+ jwt.getClaim(JwtConstants.CLAIM_EXPIRY));
+
+ // Verify Signature
+ Crypto crypto = providerParameters.getStsProperties().getSignatureCrypto();
+ CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+ cryptoType.setAlias(providerParameters.getStsProperties().getSignatureUsername());
+ X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
+ assertNotNull(certs);
+
+ assertFalse(jwtConsumer.verifySignatureWith(certs[0], SignatureAlgorithm.RS256));
+ assertTrue(jwtConsumer.verifySignatureWith(certs[0], SignatureAlgorithm.PS256));
+ }
+
+ @org.junit.Test
 public void testCachedSignedJWT() throws Exception {
 TokenProvider jwtTokenProvider = new JWTTokenProvider();
 ((JWTTokenProvider)jwtTokenProvider).setSignToken(true);
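Review bot: In testCreateSignedPSJWT the null checks `assertTrue(providerResponse != null)` and `assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null)` give no diagnostic on failure and fold two conditions into one; replace them with `assertNotNull(providerResponse);`, `assertNotNull(providerResponse.getToken());`, `assertNotNull(providerResponse.getTokenId());`, and apply the same to testCreateUnsignedEncryptedCBCJWT in the following hunk. The closing PS256/RS256 pair is the valuable part of this test, since it pins that the STS honoured the configured SignatureProperties and that the signature is not accepted under the other RSA variant; it would be worth also asserting the declared header algorithm, e.g. `assertEquals(SignatureAlgorithm.PS256, jwtConsumer.getJwsHeaders().getSignatureAlgorithm());`, if JwsJwtCompactConsumer exposes that accessor in this version, so the test documents the emitted alg directly rather than only through verification. The method also mixes the inherited `assertTrue` with the qualified `Assert.assertEquals`; as the class extends org.junit.Assert the qualifier can be dropped for consistency.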
@@ -206,6 +248,57 @@ public class JWTTokenProviderTest extends org.junit.Assert {
 }
 @org.junit.Test
+ public void testCreateUnsignedEncryptedCBCJWT() throws Exception {
+ TokenProvider jwtTokenProvider = new JWTTokenProvider();
+ ((JWTTokenProvider)jwtTokenProvider).setSignToken(false);
+
+ TokenProviderParameters providerParameters = createProviderParameters();
+ providerParameters.setEncryptToken(true);
+ providerParameters.getEncryptionProperties().setEncryptionAlgorithm(
+ ContentAlgorithm.A128CBC_HS256.name()
+ );
+
+ assertTrue(jwtTokenProvider.canHandleToken(JWTTokenProvider.JWT_TOKEN_TYPE));
+ TokenProviderResponse providerResponse = jwtTokenProvider.createToken(providerParameters);
+ assertTrue(providerResponse != null);
+ assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
+
+ String token = (String)providerResponse.getToken();
+ assertNotNull(token);
+ assertTrue(token.split("\\.").length == 5);
+
+ if (unrestrictedPoliciesInstalled) {
+ // Validate the token
+ JweJwtCompactConsumer jwtConsumer = new JweJwtCompactConsumer(token);
+ Properties decProperties = new Properties();
+ Crypto decryptionCrypto = CryptoFactory.getInstance(getDecryptionProperties());
+ KeyStore keystore = ((Merlin)decryptionCrypto).getKeyStore();
+ decProperties.put(JoseConstants.RSSEC_KEY_STORE, keystore);
+ decProperties.put(JoseConstants.RSSEC_KEY_STORE_ALIAS, "myservicekey");
+ decProperties.put(JoseConstants.RSSEC_KEY_PSWD, "skpass");
+ decProperties.put(JoseConstants.RSSEC_ENCRYPTION_CONTENT_ALGORITHM,
+ ContentAlgorithm.A128CBC_HS256.name());
+
+ JweDecryptionProvider decProvider =
+ JweUtils.loadDecryptionProvider(decProperties, jwtConsumer.getHeaders(), false);
+
+ JweDecryptionOutput decOutput = decProvider.decrypt(token);
+ String decToken = decOutput.getContentText();
+
+ JwsJwtCompactConsumer jwtJwsConsumer = new JwsJwtCompactConsumer(decToken);
+ JwtToken jwt = jwtJwsConsumer.getJwtToken();
+
+ Assert.assertEquals("alice", jwt.getClaim(JwtConstants.CLAIM_SUBJECT));
+ Assert.assertEquals(providerResponse.getTokenId(), jwt.getClaim(JwtConstants.CLAIM_JWT_ID));
+ Assert.assertEquals(providerResponse.getCreated().getTime() / 1000L,
+ jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT));
+ Assert.assertEquals(providerResponse.getExpires().getTime() / 1000L,
+ jwt.getClaim(JwtConstants.CLAIM_EXPIRY));
+ }
+
+ }
+
+ @org.junit.Test
 public void testCreateSignedEncryptedJWT() throws Exception {
+ TokenProvider jwtTokenProvider = new JWTTokenProvider();