Author: coheigea
Date: Mon Feb 27 13:12:21 2012
New Revision: 1294139
URL: http://svn.apache.org/viewvc?rev=1294139&view=rev
Log:
Add support for GCM algorithms for restful encryption via BouncyCastle
Conflicts:
systests/rs-security/pom.xml
Added:
cxf/branches/2.5.x-fixes/systests/rs-security/src/test/resources/logging.properties
Modified:
cxf/branches/2.5.x-fixes/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncOutInterceptor.java
cxf/branches/2.5.x-fixes/systests/rs-security/pom.xml
cxf/branches/2.5.x-fixes/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
Modified:
cxf/branches/2.5.x-fixes/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncOutInterceptor.java
URL:
http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncOutInterceptor.java?rev=1294139&r1=1294138&r2=1294139&view=diff
==============================================================================
---
cxf/branches/2.5.x-fixes/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncOutInterceptor.java
(original)
+++
cxf/branches/2.5.x-fixes/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncOutInterceptor.java
Mon Feb 27 13:12:21 2012
@@ -77,7 +77,8 @@ public class XmlEncOutInterceptor extend
}
public void setSymmetricEncAlgorithm(String algo) {
- if (!algo.startsWith(EncryptionConstants.EncryptionSpecNS)) {
+ if (!(algo.startsWith(EncryptionConstants.EncryptionSpecNS)
+ || algo.startsWith(EncryptionConstants.EncryptionSpec11NS))) {
algo = EncryptionConstants.EncryptionSpecNS + algo;
}
symEncAlgo = algo;
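Review bot: A bare algorithm name is still prefixed with `EncryptionConstants.EncryptionSpecNS` in setSymmetricEncAlgorithm, so a caller passing a short GCM name (constructed example: `aes128-gcm`) ends up with a URI in the older namespace rather than the `EncryptionSpec11NS` one the new condition recognises. The test added in this commit passes the full `http://www.w3.org/2009/xmlenc11#aes128-gcm` URI, so that path is not exercised. I would document this on the setter, e.g. `// GCM algorithms must be passed as full xmlenc11 URIs; short names resolve against EncryptionSpecNS`. `algo` is also dereferenced without a null check, which predates this change; the setter's opening lines are context only.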
@@ -156,11 +157,14 @@ public class XmlEncOutInterceptor extend
//
String keyAlgorithm =
JCEMapper.getJCEKeyAlgorithmFromURI(symEncAlgo);
KeyGenerator keyGen = KeyGenerator.getInstance(keyAlgorithm);
- if (symEncAlgo.equalsIgnoreCase(WSConstants.AES_128)) {
+ if (symEncAlgo.equalsIgnoreCase(WSConstants.AES_128)
+ || symEncAlgo.equalsIgnoreCase(WSConstants.AES_128_GCM)) {
keyGen.init(128);
- } else if (symEncAlgo.equalsIgnoreCase(WSConstants.AES_192)) {
+ } else if (symEncAlgo.equalsIgnoreCase(WSConstants.AES_192)
+ || symEncAlgo.equalsIgnoreCase(WSConstants.AES_192_GCM)) {
keyGen.init(192);
- } else if (symEncAlgo.equalsIgnoreCase(WSConstants.AES_256)) {
+ } else if (symEncAlgo.equalsIgnoreCase(WSConstants.AES_256)
+ || symEncAlgo.equalsIgnoreCase(WSConstants.AES_256_GCM)) {
keyGen.init(256);
}
return keyGen;
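Review bot: The key-size chain has no final `else`, so a `symEncAlgo` that matches none of the six constants returns a `KeyGenerator` that was never initialised and will generate a key of the provider's default size. Since the setter now lets any xmlenc11 URI through unchanged, a mistyped or unsupported URI can reach this point silently; whether it is rejected later depends on code outside the hunk. I would at least add `// any other algorithm keeps the provider's default key size` after the last branch, or log the fall-through. The enclosing method starts and ends outside the hunk.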
Modified: cxf/branches/2.5.x-fixes/systests/rs-security/pom.xml
URL:
http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/systests/rs-security/pom.xml?rev=1294139&r1=1294138&r2=1294139&view=diff
==============================================================================
--- cxf/branches/2.5.x-fixes/systests/rs-security/pom.xml (original)
+++ cxf/branches/2.5.x-fixes/systests/rs-security/pom.xml Mon Feb 27 13:12:21
2012
@@ -189,7 +189,11 @@
<artifactId>jettison</artifactId>
<scope>test</scope>
</dependency>
-
+ <dependency>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcprov-jdk15</artifactId>
+ <scope>test</scope>
+ </dependency>
</dependencies>
<build>
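Review bot: BouncyCastle is added here with `<scope>test</scope>` only, while the GCM handling itself lands in the runtime interceptor; nothing visible in this commit makes a GCM-capable JCE provider available to deployments. If the JRE's default providers lack AES-GCM, selecting one of the new algorithms would presumably fail at cipher creation, so the provider requirement should be stated in the interceptor's documentation. The dependency also carries no `<version>`; presumably it is pinned in a parent `dependencyManagement` section, which is worth confirming for a crypto provider.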
Modified:
cxf/branches/2.5.x-fixes/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
URL:
http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java?rev=1294139&r1=1294138&r2=1294139&view=diff
==============================================================================
---
cxf/branches/2.5.x-fixes/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
(original)
+++
cxf/branches/2.5.x-fixes/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
Mon Feb 27 13:12:21 2012
@@ -158,6 +158,19 @@ public class JAXRSXmlSecTest extends Abs
}
@Test
+ public void testPostEncryptedBookGCM() throws Exception {
+ String address = "https://localhost:" + PORT +
"/xmlenc/bookstore/books";
+ Map<String, Object> properties = new HashMap<String, Object>();
+ properties.put("ws-security.callback-handler",
+
"org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback");
+ properties.put("ws-security.encryption.username", "bob");
+ properties.put("ws-security.encryption.properties",
+ "org/apache/cxf/systest/jaxrs/security/bob.properties");
+ String aes128GCM = "http://www.w3.org/2009/xmlenc11#aes128-gcm";
+ doTestPostEncryptedBook(address, properties, SecurityUtils.X509_KEY,
aes128GCM);
+ }
+
+ @Test
public void testPostEncryptedBookIssuerSerial() throws Exception {
String address = "https://localhost:" + PORT +
"/xmlenc/bookstore/books";
Map<String, Object> properties = new HashMap<String, Object>();
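Review bot: The new test spells the algorithm as a string literal, `"http://www.w3.org/2009/xmlenc11#aes128-gcm"`, while the interceptor change compares against `WSConstants.AES_128_GCM`; passing the constant instead (`doTestPostEncryptedBook(address, properties, SecurityUtils.X509_KEY, WSConstants.AES_128_GCM);`) would keep the test and the production code tied to the same value. Only the 128-bit variant is exercised, so the new 192- and 256-bit branches have no coverage in this commit. The trailing context lines belong to testPostEncryptedBookIssuerSerial, whose body continues outside the hunk.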
@@ -166,7 +179,7 @@ public class JAXRSXmlSecTest extends Abs
properties.put("ws-security.encryption.username", "bob");
properties.put("ws-security.encryption.properties",
"org/apache/cxf/systest/jaxrs/security/bob.properties");
- doTestPostEncryptedBook(address, properties,
SecurityUtils.X509_ISSUER_SERIAL);
+ doTestPostEncryptedBook(address, properties,
SecurityUtils.X509_ISSUER_SERIAL, XMLCipher.AES_128);
}
@Test
@@ -201,11 +214,11 @@ public class JAXRSXmlSecTest extends Abs
public void doTestPostEncryptedBook(String address, Map<String, Object>
properties)
throws Exception {
- doTestPostEncryptedBook(address, properties, SecurityUtils.X509_KEY);
+ doTestPostEncryptedBook(address, properties, SecurityUtils.X509_KEY,
XMLCipher.AES_128);
}
public void doTestPostEncryptedBook(String address, Map<String, Object>
properties,
- String keyIdentifierType)
+ String keyIdentifierType, String
symmetricAlgorithm)
throws Exception {
JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
bean.setAddress(address);
@@ -219,7 +232,7 @@ public class JAXRSXmlSecTest extends Abs
bean.getOutInterceptors().add(new XmlSigOutInterceptor());
XmlEncOutInterceptor encInterceptor = new XmlEncOutInterceptor();
encInterceptor.setKeyIdentifierType(keyIdentifierType);
- encInterceptor.setSymmetricEncAlgorithm(XMLCipher.AES_128);
+ encInterceptor.setSymmetricEncAlgorithm(symmetricAlgorithm);
bean.getOutInterceptors().add(encInterceptor);
bean.getInInterceptors().add(new XmlEncInInterceptor());
Added:
cxf/branches/2.5.x-fixes/systests/rs-security/src/test/resources/logging.properties
URL:
http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/systests/rs-security/src/test/resources/logging.properties?rev=1294139&view=auto
==============================================================================
---
cxf/branches/2.5.x-fixes/systests/rs-security/src/test/resources/logging.properties
(added)
+++
cxf/branches/2.5.x-fixes/systests/rs-security/src/test/resources/logging.properties
Mon Feb 27 13:12:21 2012
@@ -0,0 +1,74 @@
+#
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+#
+############################################################
+# Default Logging Configuration File
+#
+# You can use a different file by specifying a filename
+# with the java.util.logging.config.file system property.
+# For example java -Djava.util.logging.config.file=myfile
+############################################################
+
+############################################################
+# Global properties
+############################################################
+
+# "handlers" specifies a comma separated list of log Handler
+# classes. These handlers will be installed during VM startup.
+# Note that these classes must be on the system classpath.
+# By default we only configure a ConsoleHandler, which will only
+# show messages at the INFO and above levels.
+handlers= java.util.logging.ConsoleHandler
+
+# To also add the FileHandler, use the following line instead.
+#handlers= java.util.logging.FileHandler, java.util.logging.ConsoleHandler
+
+# Default global logging level.
+# This specifies which kinds of events are logged across
+# all loggers. For any given facility this global level
+# can be overriden by a facility specific level
+# Note that the ConsoleHandler also has a separate level
+# setting to limit messages printed to the console.
+.level= WARNING
+
+############################################################
+# Handler specific properties.
+# Describes specific configuration info for Handlers.
+############################################################
+
+# default file output is in user's home directory.
+java.util.logging.FileHandler.pattern = %h/java%u.log
+java.util.logging.FileHandler.limit = 50000
+java.util.logging.FileHandler.count = 1
+java.util.logging.FileHandler.formatter = java.util.logging.XMLFormatter
+
+# Limit the message that are printed on the console to INFO and above.
+java.util.logging.ConsoleHandler.level = SEVERE
+java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter
+
+
+############################################################
+# Facility specific properties.
+# Provides extra control for each logger.
+############################################################
+
+# For example, set the com.xyz.foo logger to only log SEVERE
+# messages:
+#com.xyz.foo.level = SEVERE
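Review bot: The comment above the console handler says `INFO and above`, but the setting is `java.util.logging.ConsoleHandler.level = SEVERE`, and with the global `.level= WARNING` any WARNING record is created but never printed. For a security system test that may hide provider or algorithm warnings raised during the run. Either change the comment to `# Limit the messages printed on the console to SEVERE and above.` or lower the handler level to WARNING so it matches the global level; the earlier comment on the `handlers` line carries the same outdated `INFO` wording.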