cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject [1/2] cxf git commit: [CXF-7434] JweJson and other related improvements
Date Fri, 30 Jun 2017 15:41:05 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes 7c159a791 -> 91a5375ab


http://git-wip-us.apache.org/repos/asf/cxf/blob/91a5375a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJweJsonTest.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJweJsonTest.java
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJweJsonTest.java
index 83832ac..2dd2aa0 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJweJsonTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJweJsonTest.java
@@ -21,10 +21,9 @@ package org.apache.cxf.systest.jaxrs.security.jose.jwejws;
 
 import java.net.URL;
 import java.security.Security;
-import java.util.Collections;
+import java.util.ArrayList;
 import java.util.LinkedList;
 import java.util.List;
-import java.util.Map;
 
 import org.apache.cxf.Bus;
 import org.apache.cxf.bus.spring.SpringBusFactory;
@@ -59,24 +58,22 @@ public class JAXRSJweJsonTest extends AbstractBusClientServerTestBase
{
     }
     
     @Test
-    public void testJweJsonPlainTextHmac() throws Exception {
-        String address = "https://localhost:" + PORT + "/jwejsonhmac";
-        BookStore bs = createBookStore(address, 
-                                       "org/apache/cxf/systest/jaxrs/security/secret.jwk.properties",
-                                       null);
+    public void testJweJsonSingleRecipientKeyWrapAndAesCbcHmac() throws Exception {
+        String address = "https://localhost:" + PORT + "/jwejsonkeywrap";
+        BookStore bs = createBookStore(address,
+                                       "org/apache/cxf/systest/jaxrs/security/secret.jwk.properties");
         String text = bs.echoText("book");
         assertEquals("book", text);
     }
-    
-    private BookStore createBookStore(String address, Object properties,
-                                      List<?> extraProviders) throws Exception {
-        return createBookStore(address, 
-                               Collections.singletonMap(JoseConstants.RSSEC_ENCRYPTION_PROPS,
properties),
-                               extraProviders);
+    @Test
+    public void testJweJsonSingleRecipientAesGcmDirect() throws Exception {
+        String address = "https://localhost:" + PORT + "/jwejsondirect";
+        BookStore bs = createBookStore(address,
+                                       "org/apache/cxf/systest/jaxrs/security/jwe.direct.properties");
+        String text = bs.echoText("book");
+        assertEquals("book", text);
     }
-    private BookStore createBookStore(String address, 
-                                      Map<String, Object> mapProperties,
-                                      List<?> extraProviders) throws Exception {
+    private BookStore createBookStore(String address, String propLoc) throws Exception {
         JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
         SpringBusFactory bf = new SpringBusFactory();
         URL busFile = JAXRSJweJsonTest.class.getResource("client.xml");
@@ -88,11 +85,35 @@ public class JAXRSJweJsonTest extends AbstractBusClientServerTestBase
{
         JweJsonWriterInterceptor writer = new JweJsonWriterInterceptor();
         providers.add(writer);
         providers.add(new JweJsonClientResponseFilter());
-        if (extraProviders != null) {
-            providers.addAll(extraProviders);
-        }
         bean.setProviders(providers);
-        bean.getProperties(true).putAll(mapProperties);
+        bean.getProperties(true).put(JoseConstants.RSSEC_ENCRYPTION_PROPS,
+                                     propLoc);
+        return bean.create(BookStore.class);
+    }
+    
+    @Test
+    public void testJweJsontTwoRecipientsKeyWrapAndAesGcm() throws Exception {
+        String address = "https://localhost:" + PORT + "/jwejsonTwoRecipients";
+        BookStore bs = createBookStoreTwoRecipients(address);
+        String text = bs.echoTextJweJsonIn("book");
+        assertEquals("bookbook", text);
+    }
+
+    private BookStore createBookStoreTwoRecipients(String address) throws Exception {
+        JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = JAXRSJweJsonTest.class.getResource("client.xml");
+        Bus springBus = bf.createBus(busFile.toString());
+        bean.setBus(springBus);
+        bean.setServiceClass(BookStore.class);
+        bean.setAddress(address);
+        bean.setProvider(new JweJsonWriterInterceptor());
+        
+        List<String> properties = new ArrayList<>();
+        properties.add("org/apache/cxf/systest/jaxrs/security/jwejson1.properties");
+        properties.add("org/apache/cxf/systest/jaxrs/security/jwejson2.properties");
+        bean.getProperties(true).put(JoseConstants.RSSEC_ENCRYPTION_PROPS,
+                                 properties);
         return bean.create(BookStore.class);
     }
     

http://git-wip-us.apache.org/repos/asf/cxf/blob/91a5375a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJweJwsTest.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJweJwsTest.java
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJweJwsTest.java
index 9d15ee2..bf6256e 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJweJwsTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJweJwsTest.java
@@ -418,6 +418,35 @@ public class JAXRSJweJwsTest extends AbstractBusClientServerTestBase
{
     }
     
     @Test
+    public void testJweAesGcmDirect() throws Exception {
+        String address = "https://localhost:" + PORT + "/jweaesgcmdirect";
+        JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = JAXRSJweJwsTest.class.getResource("client.xml");
+        Bus springBus = bf.createBus(busFile.toString());
+        bean.setBus(springBus);
+        bean.setServiceClass(BookStore.class);
+        bean.setAddress(address);
+        List<Object> providers = new LinkedList<Object>();
+        // writer
+        JweWriterInterceptor jweWriter = new JweWriterInterceptor();
+        jweWriter.setUseJweOutputStream(true);
+        // reader
+        JweClientResponseFilter jweReader = new JweClientResponseFilter();
+
+        providers.add(jweWriter);
+        providers.add(jweReader);
+        bean.setProviders(providers);
+
+        bean.getProperties(true).put("rs.security.encryption.properties",
+                                     "org/apache/cxf/systest/jaxrs/security/jwe.direct.properties");
+        
+        BookStore bs = bean.create(BookStore.class);
+        String text = bs.echoText("book");
+        assertEquals("book", text);
+    }
+    
+    @Test
     public void testJweAesCbcHmac() throws Exception {
         String address = "https://localhost:" + PORT + "/jweaescbchmac";
         JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();

http://git-wip-us.apache.org/repos/asf/cxf/blob/91a5375a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJwsJsonTest.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJwsJsonTest.java
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJwsJsonTest.java
index e7d1321..e0cc7be 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJwsJsonTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJwsJsonTest.java
@@ -121,7 +121,7 @@ public class JAXRSJwsJsonTest extends AbstractBusClientServerTestBase
{
     }
     
     @Test
-    public void testJwsJsonBookDoubleHmac() throws Exception {
+    public void testJwsJsonBookDoubleHmacManyProps() throws Exception {
         String address = "https://localhost:" + PORT + "/jwsjsonhmac2";
         List<String> properties = new ArrayList<String>();
         properties.add("org/apache/cxf/systest/jaxrs/security/secret.jwk.properties");
@@ -135,22 +135,6 @@ public class JAXRSJwsJsonTest extends AbstractBusClientServerTestBase
{
         assertEquals("book", book.getName());
         assertEquals(123L, book.getId());
     }
-    
-    @Test
-    public void testJwsJsonBookDoubleHmacSinglePropsFile() throws Exception {
-        String address = "https://localhost:" + PORT + "/jwsjsonhmac2";
-        List<String> properties = new ArrayList<String>();
-        properties.add("org/apache/cxf/systest/jaxrs/security/secret.jwk.hmac2.properties");
-        Map<String, Object> map = new HashMap<String, Object>();
-        map.put(JoseConstants.RSSEC_SIGNATURE_OUT_PROPS, properties);
-        map.put(JoseConstants.RSSEC_SIGNATURE_IN_PROPS, 
-                "org/apache/cxf/systest/jaxrs/security/secret.jwk.properties");
-        BookStore bs = createBookStore(address, map, null);
-        Book book = bs.echoBookXml(new Book("book", 123L));
-        assertEquals("book", book.getName());
-        assertEquals(123L, book.getId());
-    }
-    
     // Test signing an XML payload
     @Test
     public void testJwsJsonPlainTextHmacXML() throws Exception {

http://git-wip-us.apache.org/repos/asf/cxf/blob/91a5375a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt
b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt
index 0dde577..5dab671 100644
--- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt
@@ -12,6 +12,17 @@
           "kid":"AesWrapKey"},
           
           {"kty":"oct",
+          "alg":"A128KW",
+          "k":"GawgguFyGrWKav7AX4VKUg",
+          "kid":"AesWrapKey2"},
+          
+          {"kty":"oct",
+          "alg":"A128GCM",
+          "k":"GawgguFyGrWKav7AX4VKUg",
+          "kid":"AesGcmKey"},
+          
+          
+          {"kty":"oct",
           "alg":"HS256",
           "k":"AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow",
           "kid":"HMACKey"},

http://git-wip-us.apache.org/repos/asf/cxf/blob/91a5375a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/server.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/server.xml
b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/server.xml
index 67a1c94..b71c07f 100644
--- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/server.xml
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/server.xml
@@ -261,4 +261,16 @@ under the License.
             <ref bean="jweOutAesCbcHmacFilter"/>
         </jaxrs:providers>
     </jaxrs:server>
+    <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-jwt}/jweaesgcmdirect">
+        <jaxrs:serviceBeans>
+            <ref bean="serviceBean"/>
+        </jaxrs:serviceBeans>
+        <jaxrs:providers>
+            <bean class="org.apache.cxf.rs.security.jose.jaxrs.JweContainerRequestFilter"/>
+            <bean class="org.apache.cxf.rs.security.jose.jaxrs.JweWriterInterceptor"/>
+        </jaxrs:providers>
+        <jaxrs:properties>
+            <entry key="rs.security.encryption.properties" value="org/apache/cxf/systest/jaxrs/security/jwe.direct.properties"/>
+        </jaxrs:properties>
+    </jaxrs:server>
 </beans>

http://git-wip-us.apache.org/repos/asf/cxf/blob/91a5375a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/serverJweJson.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/serverJweJson.xml
b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/serverJweJson.xml
index 7757ef7..c5ea8fa 100644
--- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/serverJweJson.xml
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/serverJweJson.xml
@@ -42,7 +42,7 @@ under the License.
     <bean id="jweInFilter" class="org.apache.cxf.rs.security.jose.jaxrs.JweJsonContainerRequestFilter"/>
     <bean id="jweOutFilter" class="org.apache.cxf.rs.security.jose.jaxrs.JweJsonWriterInterceptor"/>
     
-    <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-jwe-json}/jwejsonhmac">
+    <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-jwe-json}/jwejsonkeywrap">
         <jaxrs:serviceBeans>
             <ref bean="serviceBean"/>
         </jaxrs:serviceBeans>
@@ -54,5 +54,28 @@ under the License.
             <entry key="rs.security.encryption.properties" value="org/apache/cxf/systest/jaxrs/security/secret.jwk.properties"/>
         </jaxrs:properties>
     </jaxrs:server>
+    
+    <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-jwe-json}/jwejsondirect">
+        <jaxrs:serviceBeans>
+            <ref bean="serviceBean"/>
+        </jaxrs:serviceBeans>
+        <jaxrs:providers>
+            <ref bean="jweInFilter"/>
+            <ref bean="jweOutFilter"/>
+        </jaxrs:providers>
+        <jaxrs:properties>
+            <entry key="rs.security.encryption.properties" value="org/apache/cxf/systest/jaxrs/security/jwe.direct.properties"/>
+        </jaxrs:properties>
+    </jaxrs:server>
+    
+    <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-jwe-json}/jwejsonTwoRecipients">
+        <jaxrs:serviceBeans>
+            <ref bean="serviceBean"/>
+        </jaxrs:serviceBeans>
+        <jaxrs:properties>
+            <entry key="rs.security.encryption.properties" 
+              value="org/apache/cxf/systest/jaxrs/security/jwejson1.properties,org/apache/cxf/systest/jaxrs/security/jwejson2.properties"/>
+        </jaxrs:properties>
+    </jaxrs:server>
         
 </beans>

http://git-wip-us.apache.org/repos/asf/cxf/blob/91a5375a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jwe.direct.properties
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jwe.direct.properties
b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jwe.direct.properties
new file mode 100644
index 0000000..6fa30be
--- /dev/null
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jwe.direct.properties
@@ -0,0 +1,21 @@
+#    Licensed to the Apache Software Foundation (ASF) under one
+#    or more contributor license agreements. See the NOTICE file
+#    distributed with this work for additional information
+#    regarding copyright ownership. The ASF licenses this file
+#    to you under the Apache License, Version 2.0 (the
+#    "License"); you may not use this file except in compliance
+#    with the License. You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing,
+#    software distributed under the License is distributed on an
+#    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+#    KIND, either express or implied. See the License for the
+#    specific language governing permissions and limitations
+#    under the License.
+rs.security.keystore.type=jwk
+rs.security.keystore.alias.jwe=AesGcmKey
+rs.security.keystore.file=org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt
+rs.security.encryption.content.algorithm=A128GCM
+rs.security.encryption.key.algorithm=dir

http://git-wip-us.apache.org/repos/asf/cxf/blob/91a5375a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jwejson1.properties
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jwejson1.properties
b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jwejson1.properties
new file mode 100644
index 0000000..7fd433d
--- /dev/null
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jwejson1.properties
@@ -0,0 +1,22 @@
+#    Licensed to the Apache Software Foundation (ASF) under one
+#    or more contributor license agreements. See the NOTICE file
+#    distributed with this work for additional information
+#    regarding copyright ownership. The ASF licenses this file
+#    to you under the Apache License, Version 2.0 (the
+#    "License"); you may not use this file except in compliance
+#    with the License. You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing,
+#    software distributed under the License is distributed on an
+#    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+#    KIND, either express or implied. See the License for the
+#    specific language governing permissions and limitations
+#    under the License.
+rs.security.keystore.type=jwk
+rs.security.keystore.file=org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt
+rs.security.encryption.include.key.id=true
+
+rs.security.keystore.alias.jwe=AesWrapKey
+rs.security.encryption.content.algorithm=A128GCM

http://git-wip-us.apache.org/repos/asf/cxf/blob/91a5375a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jwejson2.properties
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jwejson2.properties
b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jwejson2.properties
new file mode 100644
index 0000000..3cc027a
--- /dev/null
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jwejson2.properties
@@ -0,0 +1,22 @@
+#    Licensed to the Apache Software Foundation (ASF) under one
+#    or more contributor license agreements. See the NOTICE file
+#    distributed with this work for additional information
+#    regarding copyright ownership. The ASF licenses this file
+#    to you under the Apache License, Version 2.0 (the
+#    "License"); you may not use this file except in compliance
+#    with the License. You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing,
+#    software distributed under the License is distributed on an
+#    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+#    KIND, either express or implied. See the License for the
+#    specific language governing permissions and limitations
+#    under the License.
+rs.security.keystore.type=jwk
+rs.security.keystore.file=org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt
+rs.security.encryption.include.key.id=true
+
+rs.security.keystore.alias.jwe=AesWrapKey2
+rs.security.encryption.content.algorithm=A128GCM

http://git-wip-us.apache.org/repos/asf/cxf/blob/91a5375a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.jwk.hmac2.properties
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.jwk.hmac2.properties
b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.jwk.hmac2.properties
deleted file mode 100644
index 608b099..0000000
--- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.jwk.hmac2.properties
+++ /dev/null
@@ -1,19 +0,0 @@
-#    Licensed to the Apache Software Foundation (ASF) under one
-#    or more contributor license agreements. See the NOTICE file
-#    distributed with this work for additional information
-#    regarding copyright ownership. The ASF licenses this file
-#    to you under the Apache License, Version 2.0 (the
-#    "License"); you may not use this file except in compliance
-#    with the License. You may obtain a copy of the License at
-#
-#    http://www.apache.org/licenses/LICENSE-2.0
-#
-#    Unless required by applicable law or agreed to in writing,
-#    software distributed under the License is distributed on an
-#    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-#    KIND, either express or implied. See the License for the
-#    specific language governing permissions and limitations
-#    under the License.
-rs.security.keystore.type=jwk
-rs.security.keystore.aliases=HMACKey,HMAC512Key
-rs.security.keystore.file=org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt


Mime
View raw message