Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 66ACA200CB7 for ; Fri, 30 Jun 2017 17:41:09 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id 6475B160BF6; Fri, 30 Jun 2017 15:41:09 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 34361160BDD for ; Fri, 30 Jun 2017 17:41:08 +0200 (CEST) Received: (qmail 47431 invoked by uid 500); 30 Jun 2017 15:41:07 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 47421 invoked by uid 99); 30 Jun 2017 15:41:07 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 30 Jun 2017 15:41:07 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id 21239E180B; Fri, 30 Jun 2017 15:41:05 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit 
From: sergeyb@apache.org To: commits@cxf.apache.org Date: Fri, 30 Jun 2017 15:41:05 -0000 Message-Id: <271a903b590e4c2398c5fa7c441cd25f@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: [1/2] cxf git commit: [CXF-7434] JweJson and other related improvements archived-at: Fri, 30 Jun 2017 15:41:09 -0000 Repository: cxf Updated Branches: refs/heads/3.1.x-fixes 7c159a791 -> 91a5375ab http://git-wip-us.apache.org/repos/asf/cxf/blob/91a5375a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJweJsonTest.java ---------------------------------------------------------------------- diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJweJsonTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJweJsonTest.java index 83832ac..2dd2aa0 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJweJsonTest.java +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJweJsonTest.java @@ -21,10 +21,9 @@ package org.apache.cxf.systest.jaxrs.security.jose.jwejws; import java.net.URL; import java.security.Security; -import java.util.Collections; +import java.util.ArrayList; import java.util.LinkedList; import java.util.List; -import java.util.Map; import org.apache.cxf.Bus; import org.apache.cxf.bus.spring.SpringBusFactory; 
@@ -59,24 +58,22 @@ public class JAXRSJweJsonTest extends AbstractBusClientServerTestBase { } @Test - public void testJweJsonPlainTextHmac() throws Exception { - String address = "https://localhost:" + PORT + "/jwejsonhmac"; - BookStore bs = createBookStore(address, - "org/apache/cxf/systest/jaxrs/security/secret.jwk.properties", - null); + public void testJweJsonSingleRecipientKeyWrapAndAesCbcHmac() throws Exception { + String address = "https://localhost:" + PORT + "/jwejsonkeywrap"; + BookStore bs = createBookStore(address, + "org/apache/cxf/systest/jaxrs/security/secret.jwk.properties"); String text = bs.echoText("book"); assertEquals("book", text); } - - private BookStore createBookStore(String address, Object properties, - List extraProviders) throws Exception { - return createBookStore(address, - Collections.singletonMap(JoseConstants.RSSEC_ENCRYPTION_PROPS, properties), - extraProviders); + @Test + public void testJweJsonSingleRecipientAesGcmDirect() throws Exception { + String address = "https://localhost:" + PORT + "/jwejsondirect"; + BookStore bs = createBookStore(address, + "org/apache/cxf/systest/jaxrs/security/jwe.direct.properties"); + String text = bs.echoText("book"); + assertEquals("book", text); } - private BookStore createBookStore(String address, - Map mapProperties, - List extraProviders) throws Exception { + private BookStore createBookStore(String address, String propLoc) throws Exception { JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean(); SpringBusFactory bf = new SpringBusFactory(); URL busFile = JAXRSJweJsonTest.class.getResource("client.xml"); 
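Review bot: Neither new single-recipient test records which key-management and content-encryption algorithms it is meant to exercise; both only assert that `echoText("book")` round-trips, so a properties file that drifts to a different algorithm would still pass. A one-line comment above each test would pin the intent, for example `// jwe.direct.properties: alg=dir, enc=A128GCM, key alias AesGcmKey` on testJweJsonSingleRecipientAesGcmDirect. The contents of secret.jwk.properties are not visible here, so the comment for the key-wrap test needs checking against that file. The second `@Test` also follows the previous method's closing brace directly, because the hunk removes the blank separator line. createBookStore's body continues outside the hunk.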
@@ -88,11 +85,35 @@ public class JAXRSJweJsonTest extends AbstractBusClientServerTestBase { JweJsonWriterInterceptor writer = new JweJsonWriterInterceptor(); providers.add(writer); providers.add(new JweJsonClientResponseFilter()); - if (extraProviders != null) { - providers.addAll(extraProviders); - } bean.setProviders(providers); - bean.getProperties(true).putAll(mapProperties); + bean.getProperties(true).put(JoseConstants.RSSEC_ENCRYPTION_PROPS, + propLoc); + return bean.create(BookStore.class); + } + + @Test + public void testJweJsontTwoRecipientsKeyWrapAndAesGcm() throws Exception { + String address = "https://localhost:" + PORT + "/jwejsonTwoRecipients"; + BookStore bs = createBookStoreTwoRecipients(address); + String text = bs.echoTextJweJsonIn("book"); + assertEquals("bookbook", text); + } + + private BookStore createBookStoreTwoRecipients(String address) throws Exception { + JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean(); + SpringBusFactory bf = new SpringBusFactory(); + URL busFile = JAXRSJweJsonTest.class.getResource("client.xml"); + Bus springBus = bf.createBus(busFile.toString()); + bean.setBus(springBus); + bean.setServiceClass(BookStore.class); + bean.setAddress(address); + bean.setProvider(new JweJsonWriterInterceptor()); + + List properties = new ArrayList<>(); + properties.add("org/apache/cxf/systest/jaxrs/security/jwejson1.properties"); + properties.add("org/apache/cxf/systest/jaxrs/security/jwejson2.properties"); + bean.getProperties(true).put(JoseConstants.RSSEC_ENCRYPTION_PROPS, + properties); return bean.create(BookStore.class); } http://git-wip-us.apache.org/repos/asf/cxf/blob/91a5375a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJweJwsTest.java ---------------------------------------------------------------------- 
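Review bot: The new test name is misspelled, `testJweJsontTwoRecipientsKeyWrapAndAesGcm` should read `testJweJsonTwoRecipientsKeyWrapAndAesGcm`, and its expected value `"bookbook"` for an input of `"book"` is left unexplained. createBookStoreTwoRecipients registers only `JweJsonWriterInterceptor` and no response filter, so the reply is presumably read as plain text and the doubling presumably reflects one decryption per recipient on the server. A comment above the assertion such as `// endpoint echoes the plaintext once per recipient entry it decrypted` (to be confirmed against echoTextJweJsonIn, which is not in this hunk) would make the assertion reviewable as a check that both recipients' keys were actually used.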
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJweJwsTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJweJwsTest.java
index 9d15ee2..bf6256e 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJweJwsTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJweJwsTest.java
@@ -418,6 +418,35 @@ public class JAXRSJweJwsTest extends AbstractBusClientServerTestBase { } @Test + public void testJweAesGcmDirect() throws Exception { + String address = "https://localhost:" + PORT + "/jweaesgcmdirect"; + JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean(); + SpringBusFactory bf = new SpringBusFactory(); + URL busFile = JAXRSJweJwsTest.class.getResource("client.xml"); + Bus springBus = bf.createBus(busFile.toString()); + bean.setBus(springBus); + bean.setServiceClass(BookStore.class); + bean.setAddress(address); + List providers = new LinkedList(); + // writer + JweWriterInterceptor jweWriter = new JweWriterInterceptor(); + jweWriter.setUseJweOutputStream(true); + // reader + JweClientResponseFilter jweReader = new JweClientResponseFilter(); + + providers.add(jweWriter); + providers.add(jweReader); + bean.setProviders(providers); + + bean.getProperties(true).put("rs.security.encryption.properties", + "org/apache/cxf/systest/jaxrs/security/jwe.direct.properties"); + + BookStore bs = bean.create(BookStore.class); + String text = bs.echoText("book"); + assertEquals("book", text); + } + + @Test public void testJweAesCbcHmac() throws Exception { String address = "https://localhost:" + PORT + "/jweaescbchmac"; JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean(); http://git-wip-us.apache.org/repos/asf/cxf/blob/91a5375a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJwsJsonTest.java ---------------------------------------------------------------------- diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJwsJsonTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJwsJsonTest.java index e7d1321..e0cc7be 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJwsJsonTest.java 
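Review bot: testJweAesGcmDirect spells the property key as the literal `"rs.security.encryption.properties"`, while the JAXRSJweJsonTest changes in this same commit use `JoseConstants.RSSEC_ENCRYPTION_PROPS` for what appears to be the same setting. If JoseConstants is already imported in this file, `bean.getProperties(true).put(JoseConstants.RSSEC_ENCRYPTION_PROPS, "org/apache/cxf/systest/jaxrs/security/jwe.direct.properties");` keeps the two tests from diverging if the key is ever renamed. The `// writer` and `// reader` comments restate the variable names; a comment saying why `setUseJweOutputStream(true)` is needed for the direct AES-GCM case would be more useful. The setup is otherwise the same as in testJweAesCbcHmac, whose body starts at the end of the hunk and continues outside it.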
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJwsJsonTest.java @@ -121,7 +121,7 @@ public class JAXRSJwsJsonTest extends AbstractBusClientServerTestBase { } @Test - public void testJwsJsonBookDoubleHmac() throws Exception { + public void testJwsJsonBookDoubleHmacManyProps() throws Exception { String address = "https://localhost:" + PORT + "/jwsjsonhmac2"; List properties = new ArrayList(); properties.add("org/apache/cxf/systest/jaxrs/security/secret.jwk.properties"); @@ -135,22 +135,6 @@ public class JAXRSJwsJsonTest extends AbstractBusClientServerTestBase { assertEquals("book", book.getName()); assertEquals(123L, book.getId()); } - - @Test - public void testJwsJsonBookDoubleHmacSinglePropsFile() throws Exception { - String address = "https://localhost:" + PORT + "/jwsjsonhmac2"; - List properties = new ArrayList(); - properties.add("org/apache/cxf/systest/jaxrs/security/secret.jwk.hmac2.properties"); - Map map = new HashMap(); - map.put(JoseConstants.RSSEC_SIGNATURE_OUT_PROPS, properties); - map.put(JoseConstants.RSSEC_SIGNATURE_IN_PROPS, - "org/apache/cxf/systest/jaxrs/security/secret.jwk.properties"); - BookStore bs = createBookStore(address, map, null); - Book book = bs.echoBookXml(new Book("book", 123L)); - assertEquals("book", book.getName()); - assertEquals(123L, book.getId()); - } - // Test signing an XML payload @Test public void testJwsJsonPlainTextHmacXML() throws Exception { http://git-wip-us.apache.org/repos/asf/cxf/blob/91a5375a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt ---------------------------------------------------------------------- diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt index 0dde577..5dab671 100644 
--- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt @@ -12,6 +12,17 @@ "kid":"AesWrapKey"}, {"kty":"oct", + "alg":"A128KW", + "k":"GawgguFyGrWKav7AX4VKUg", + "kid":"AesWrapKey2"}, + + {"kty":"oct", + "alg":"A128GCM", + "k":"GawgguFyGrWKav7AX4VKUg", + "kid":"AesGcmKey"}, + + + {"kty":"oct", "alg":"HS256", "k":"AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow", "kid":"HMACKey"}, http://git-wip-us.apache.org/repos/asf/cxf/blob/91a5375a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/server.xml ---------------------------------------------------------------------- diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/server.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/server.xml index 67a1c94..b71c07f 100644 --- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/server.xml +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/server.xml @@ -261,4 +261,16 @@ under the License. + + + + + + + + + + + + http://git-wip-us.apache.org/repos/asf/cxf/blob/91a5375a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/serverJweJson.xml ---------------------------------------------------------------------- diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/serverJweJson.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/serverJweJson.xml index 7757ef7..c5ea8fa 100644 --- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/serverJweJson.xml 
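Review bot: The two added entries `AesWrapKey2` and `AesGcmKey` carry the same `k` value, so the key-wrap key and the direct-encryption key are one secret under two names. If the existing `AesWrapKey` entry, whose `k` lies above the hunk, also uses this value, the two-recipient test (jwejson1.properties selects `AesWrapKey`, jwejson2.properties selects `AesWrapKey2`) wraps the content key under identical material for both recipients and cannot show that the server picks the right recipient entry by `kid`. Giving `AesWrapKey2` its own randomly generated 128-bit `k` would make that test prove per-recipient key selection. Sharing one secret between an A128KW key and an A128GCM key is also worth avoiding in fixtures, since files like this tend to be copied as configuration templates.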
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/serverJweJson.xml @@ -42,7 +42,7 @@ under the License. - + @@ -54,5 +54,28 @@ under the License. + + + + + + + + + + + + + + + + + + + + + + http://git-wip-us.apache.org/repos/asf/cxf/blob/91a5375a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jwe.direct.properties ---------------------------------------------------------------------- diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jwe.direct.properties b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jwe.direct.properties new file mode 100644 index 0000000..6fa30be --- /dev/null +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jwe.direct.properties 
@@ -0,0 +1,21 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+rs.security.keystore.type=jwk
+rs.security.keystore.alias.jwe=AesGcmKey
+rs.security.keystore.file=org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt
+rs.security.encryption.content.algorithm=A128GCM
+rs.security.encryption.key.algorithm=dir
http://git-wip-us.apache.org/repos/asf/cxf/blob/91a5375a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jwejson1.properties
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jwejson1.properties b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jwejson1.properties
new file mode 100644
index 0000000..7fd433d
--- /dev/null
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jwejson1.properties
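Review bot: jwe.direct.properties does not say that `rs.security.encryption.key.algorithm=dir` makes the `AesGcmKey` JWK the content encryption key itself, so every message in these tests is encrypted under the same static A128GCM key stored in jwkPrivateSet.txt. A comment above the alias line such as `# dir: the JWK is used directly as the content encryption key; static test-only key` would explain the setting and discourage copying the fixture as a deployment template.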
@@ -0,0 +1,22 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+rs.security.keystore.type=jwk
+rs.security.keystore.file=org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt
+rs.security.encryption.include.key.id=true
+
+rs.security.keystore.alias.jwe=AesWrapKey
+rs.security.encryption.content.algorithm=A128GCM
http://git-wip-us.apache.org/repos/asf/cxf/blob/91a5375a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jwejson2.properties
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jwejson2.properties b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jwejson2.properties
new file mode 100644
index 0000000..3cc027a
--- /dev/null
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jwejson2.properties
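Review bot: jwejson1.properties (and jwejson2.properties, which differs only in the alias) sets `rs.security.encryption.content.algorithm` but no `rs.security.encryption.key.algorithm`, so the key-wrap algorithm is presumably taken from the selected JWK's own `alg` (`A128KW` for `AesWrapKey2` in the jwkPrivateSet.txt hunk). Stating it in the file, either as `rs.security.encryption.key.algorithm=A128KW` or as a comment `# key algorithm comes from the JWK "alg" value`, would make the configuration self-describing and would stop a later keystore edit from silently changing the algorithm the test covers.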
@@ -0,0 +1,22 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+rs.security.keystore.type=jwk
+rs.security.keystore.file=org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt
+rs.security.encryption.include.key.id=true
+
+rs.security.keystore.alias.jwe=AesWrapKey2
+rs.security.encryption.content.algorithm=A128GCM
http://git-wip-us.apache.org/repos/asf/cxf/blob/91a5375a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.jwk.hmac2.properties
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.jwk.hmac2.properties b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.jwk.hmac2.properties
deleted file mode 100644
index 608b099..0000000
--- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.jwk.hmac2.properties
+++ /dev/null
@@ -1,19 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-rs.security.keystore.type=jwk
-rs.security.keystore.aliases=HMACKey,HMAC512Key
-rs.security.keystore.file=org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt