cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject cxf git commit: Making sure JWS b64 is marked as critical if its value is false (unencoded payload) as per RFC7797
Date Fri, 26 Feb 2016 16:56:37 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes 43178c3c2 -> 1c238edf6


Making sure JWS b64 is marked as critical if its value is false (unencoded payload) as per
RFC7797


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/1c238edf
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/1c238edf
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/1c238edf

Branch: refs/heads/3.1.x-fixes
Commit: 1c238edf60aaa0f14346f779a296794304bb808d
Parents: 43178c3
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Fri Feb 26 16:55:12 2016 +0000
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Fri Feb 26 16:56:21 2016 +0000

----------------------------------------------------------------------
 .../apache/cxf/rs/security/jose/jws/JwsHeaders.java    | 13 +++++++++++++
 .../security/jose/jws/JwsCompactReaderWriterTest.java  |  2 +-
 .../cxf/rs/security/jose/jws/JwsJsonConsumerTest.java  |  5 +++++
 .../cxf/rs/security/jose/jws/JwsJsonProducerTest.java  |  4 ++--
 4 files changed, 21 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/1c238edf/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsHeaders.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsHeaders.java
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsHeaders.java
index 9d54b37..e860311 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsHeaders.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsHeaders.java
@@ -18,6 +18,8 @@
  */
 package org.apache.cxf.rs.security.jose.jws;
 
+import java.util.LinkedList;
+import java.util.List;
 import java.util.Map;
 import java.util.Properties;
 
@@ -64,6 +66,17 @@ public class JwsHeaders extends JoseHeaders {
     }
     public void setPayloadEncodingStatus(Boolean status) {
         super.setProperty(JoseConstants.JWS_HEADER_B64_STATUS_HEADER, status);
+        if (!status) {
+            List<String> critical = this.getCritical();
+            if (critical == null) {
+                critical = new LinkedList<String>();
+                setCritical(critical);
+            } else if (critical.contains(JoseConstants.JWS_HEADER_B64_STATUS_HEADER)) {
+                return;
+            }
+            critical.add(JoseConstants.JWS_HEADER_B64_STATUS_HEADER);
+            
+        }
     }
     public Boolean getPayloadEncodingStatus() {
         return super.getBooleanProperty(JoseConstants.JWS_HEADER_B64_STATUS_HEADER);

http://git-wip-us.apache.org/repos/asf/cxf/blob/1c238edf/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java
b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java
index e1855ea..19f9f68 100644
--- a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java
+++ b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java
@@ -47,7 +47,7 @@ import org.junit.Test;
 public class JwsCompactReaderWriterTest extends Assert {
     
     public static final String TOKEN_WITH_DETACHED_UNENCODED_PAYLOAD =
-        "eyJhbGciOiJIUzI1NiIsImI2NCI6ZmFsc2V9..GsyM6AQJbQHY8aQKCbZSPJHzMRWo3HKIlcDuXof7nqs";
+        "eyJhbGciOiJIUzI1NiIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..A5dxf2s96_n5FLueVuW1Z_vh161FwXZC4YLPff6dmDY";
     public static final String UNSIGNED_PLAIN_DOCUMENT = "$.02";
     
     public static final String ENCODED_TOKEN_SIGNED_BY_MAC = 

http://git-wip-us.apache.org/repos/asf/cxf/blob/1c238edf/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumerTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumerTest.java
b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumerTest.java
index 0faed8b..b543ba7 100644
--- a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumerTest.java
+++ b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumerTest.java
@@ -21,6 +21,7 @@ package org.apache.cxf.rs.security.jose.jws;
 import java.io.InputStream;
 import java.util.List;
 
+import org.apache.cxf.rs.security.jose.common.JoseConstants;
 import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
 import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
 import org.apache.cxf.rs.security.jose.jwk.JsonWebKeys;
@@ -60,6 +61,10 @@ public class JwsJsonConsumerTest extends Assert {
         assertEquals(JwsJsonProducerTest.UNSIGNED_PLAIN_DOCUMENT, consumer.getDecodedJwsPayload());
         assertTrue(consumer.verifySignatureWith(
             new HmacJwsSignatureVerifier(JwsJsonProducerTest.ENCODED_MAC_KEY_1, SignatureAlgorithm.HS256)));
+        JwsHeaders headers = consumer.getSignatureEntries().get(0).getProtectedHeader();
+        List<String> critical = headers.getCritical();
+        assertEquals(1, critical.size());
+        assertEquals(JoseConstants.JWS_HEADER_B64_STATUS_HEADER, critical.get(0));
     }
     
     @Test

http://git-wip-us.apache.org/repos/asf/cxf/blob/1c238edf/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducerTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducerTest.java
b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducerTest.java
index 5895dcb..b9392c6 100644
--- a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducerTest.java
+++ b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducerTest.java
@@ -54,8 +54,8 @@ public class JwsJsonProducerTest extends Assert {
        
     public static final String SIGNED_JWS_JSON_FLAT_UNENCODED_DOCUMENT = "{"
         + "\"payload\":\"" + UNSIGNED_PLAIN_DOCUMENT + "\","
-        + "\"protected\":\"eyJhbGciOiJIUzI1NiIsImI2NCI6ZmFsc2V9\","
-        + "\"signature\":" + "\"GsyM6AQJbQHY8aQKCbZSPJHzMRWo3HKIlcDuXof7nqs\"}";
+        + "\"protected\":\"eyJhbGciOiJIUzI1NiIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19\","
+        + "\"signature\":" + "\"A5dxf2s96_n5FLueVuW1Z_vh161FwXZC4YLPff6dmDY\"}";
     
     public static final String DUAL_SIGNED_JWS_JSON_DOCUMENT = "{"
                        + "\"payload\":\""


Mime
View raw message