Repository: cxf Updated Branches: refs/heads/3.0.x-fixes 9cb7b0e97 -> 2c731ed48
[CXF-5954] Adding a basic JWE system test where keys are loaded from JWK sets Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/2c731ed4 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/2c731ed4 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/2c731ed4 Branch: refs/heads/3.0.x-fixes Commit: 2c731ed48d85933f1881d85130a92c8040dedf82 Parents: 9cb7b0e Author: Sergey Beryozkin <sberyoz...@talend.com> Authored: Fri Sep 5 13:26:03 2014 +0100 Committer: Sergey Beryozkin <sberyoz...@talend.com> Committed: Fri Sep 5 13:29:43 2014 +0100 ---------------------------------------------------------------------- .../cxf/rs/security/oauth2/jwk/JsonWebKey.java | 2 +- .../jaxrs/security/jwt/JAXRSJweJwsTest.java | 25 +++++++++++++++++++- .../cxf/systest/jaxrs/security/jwt/server.xml | 13 ++++++++++ .../systest/jaxrs/security/alice.jwk.properties | 21 ++++++++++++++++ .../systest/jaxrs/security/bob.jwk.properties | 24 +++++++++++++++++++ .../jaxrs/security/certs/jwkPrivateSet.txt | 9 +++++++ .../jaxrs/security/certs/jwkPublicSet.txt | 8 +++++++ 7 files changed, 100 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/2c731ed4/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwk/JsonWebKey.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwk/JsonWebKey.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwk/JsonWebKey.java
index bfb61eb..93c3a14 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwk/JsonWebKey.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwk/JsonWebKey.java
@@ -166,7 +166,7 @@ public class JsonWebKey extends AbstractJwtObject {
 return CryptoUtils.getRSAPublicKey(encodedModulus, encodedPublicExponent);
 }
 public RSAPrivateKey toRSAPrivateKey() {
- String encodedPublicExponent = (String)super.getValue(RSA_PUBLIC_EXP);
+ String encodedPublicExponent = (String)super.getValue(RSA_MODULUS);
 String encodedPrivateExponent = (String)super.getValue(RSA_PRIVATE_EXP);
 return CryptoUtils.getRSAPrivateKey(encodedPublicExponent, encodedPrivateExponent);
 }
http://git-wip-us.apache.org/repos/asf/cxf/blob/2c731ed4/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
index 8f937cc..d339a3e 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
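Review bot: In `toRSAPrivateKey()` the local is still named `encodedPublicExponent` although after this change it holds the value read from `RSA_MODULUS`, so the call into `CryptoUtils.getRSAPrivateKey` reads as if the public exponent were being passed. Rename it the way the public-key method's context line above already does: `String encodedModulus = (String)super.getValue(RSA_MODULUS);` and `return CryptoUtils.getRSAPrivateKey(encodedModulus, encodedPrivateExponent);`. Neither value is checked for null before it is handed on, so a JWK without `n` or `d` presumably fails inside the helper rather than with a clear message; whether that is acceptable depends on `getRSAPrivateKey`, which is outside the hunk.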
@@ -77,7 +77,30 @@ public class JAXRSJweJwsTest extends AbstractBusClientServerTestBase {
 public static void unregisterBouncyCastleIfNeeded() throws Exception {
 Security.removeProvider(BouncyCastleProvider.class.getName());
 }
-
+ @Test
+ public void testJweJwk() throws Exception {
+ String address = "https://localhost:" + PORT + "/jwejwk";
+ JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = JAXRSJweJwsTest.class.getResource("client.xml");
+ Bus springBus = bf.createBus(busFile.toString());
+ bean.setBus(springBus);
+ bean.setServiceClass(BookStore.class);
+ bean.setAddress(address);
+ List<Object> providers = new LinkedList<Object>();
+ JweWriterInterceptor jweWriter = new JweWriterInterceptor();
+ jweWriter.setUseJweOutputStream(true);
+ providers.add(jweWriter);
+ providers.add(new JweClientResponseFilter());
+ bean.setProviders(providers);
+ bean.getProperties(true).put("rs.security.encryption.out.properties",
+ "org/apache/cxf/systest/jaxrs/security/bob.jwk.properties");
+ bean.getProperties(true).put("rs.security.encryption.in.properties",
+ "org/apache/cxf/systest/jaxrs/security/alice.jwk.properties");
+ BookStore bs = bean.create(BookStore.class);
+ String text = bs.echoText("book");
+ assertEquals("book", text);
+ }
 @Test
 public void testJweRsaJwsRsa() throws Exception {
 String address = "https://localhost:" + PORT + "/jwejwsrsa";
http://git-wip-us.apache.org/repos/asf/cxf/blob/2c731ed4/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml
index 07aad8c..55bf214 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml
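Review bot: `testJweJwk` does not say that both property files resolve to the same RSA key pair, while the alice/bob names suggest two. Going by the files added in this commit, `bob.jwk.properties` points at `jwkPublicSet.txt` and `alice.jwk.properties` at `jwkPrivateSet.txt`, both with alias `2011-04-29`, so the client and the `/jwejwk` server each encrypt with the one public key and decrypt with the matching private key. A comment above the two `put` calls would make that explicit: `// One RSA key pair for both directions: bob.* = public JWK set (encrypt), alice.* = private JWK set (decrypt)`. The same wording fits the new `<jaxrs:properties>` block in server.xml. The enclosing class starts outside the hunk and `testJweRsaJwsRsa` continues past it.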
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml
@@ -101,6 +101,19 @@ under the License.
 <entry key="rs.security.decryption.key.password.provider" value-ref="keyPasswordProvider"/>
 </jaxrs:properties>
 </jaxrs:server>
+ <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-jwt}/jwejwk">
+ <jaxrs:serviceBeans>
+ <ref bean="serviceBean"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="jweInFilter"/>
+ <ref bean="jweOutFilter"/>
+ </jaxrs:providers>
+ <jaxrs:properties>
+ <entry key="rs.security.encryption.in.properties" value="org/apache/cxf/systest/jaxrs/security/alice.jwk.properties"/>
+ <entry key="rs.security.encryption.out.properties" value="org/apache/cxf/systest/jaxrs/security/bob.jwk.properties"/>
+ </jaxrs:properties>
+ </jaxrs:server>
 <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-jwt}/jwejwshmac">
 <jaxrs:serviceBeans>
 <ref bean="serviceBean"/>
http://git-wip-us.apache.org/repos/asf/cxf/blob/2c731ed4/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/alice.jwk.properties
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/alice.jwk.properties b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/alice.jwk.properties
new file mode 100644
index 0000000..cab78a1
--- /dev/null
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/alice.jwk.properties
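Review bot: The new `/jwejwk` endpoint lists only `jweInFilter` and `jweOutFilter`, so, going by the bean names, nothing at the JOSE layer signs or verifies the payload, unlike the `jwejws*` endpoints around it. A request is then accepted from anyone able to encrypt to the public key in `jwkPublicSet.txt`, which is fine for a basic JWE test but should be stated so the block is not copied as a template. Suggested comment above the element: `<!-- JWE only, keys from JWK sets: confidentiality without sender authentication; pair with JWS or transport-level auth outside tests -->`. The following `jwejwshmac` server element continues past the hunk.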
@@ -0,0 +1,21 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+rs.security.keystore.type=jwk
+rs.security.keystore.alias=2011-04-29
+rs.security.keystore.file=org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt
+rs.security.jwe.content.encryption.algorithm=A128GCM
+rs.security.jwe.key.encryption.algorithm=RSA-OAEP
http://git-wip-us.apache.org/repos/asf/cxf/blob/2c731ed4/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bob.jwk.properties
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bob.jwk.properties b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bob.jwk.properties
new file mode 100644
index 0000000..16aabf0
--- /dev/null
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bob.jwk.properties
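Review bot: `rs.security.keystore.file` points at `certs/jwkPrivateSet.txt`, which this commit adds with the private exponent `d` in cleartext and no key password, and nothing in either file marks the key as test-only. The JSON key set cannot carry a comment, so record it here, for example `# Test fixture only: the referenced JWK set holds an unencrypted RSA private key; never reuse it outside the system tests.` A matching line in `bob.jwk.properties` would note that its public set belongs to the same key.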
@@ -0,0 +1,24 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+rs.security.keystore.type=jwk
+rs.security.keystore.alias=2011-04-29
+rs.security.keystore.file=org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt
+rs.security.jwe.content.encryption.algorithm=A128GCM
+rs.security.jwe.key.encryption.algorithm=RSA-OAEP
+
http://git-wip-us.apache.org/repos/asf/cxf/blob/2c731ed4/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt
new file mode 100644
index 0000000..cc336cc
--- /dev/null
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt
@@ -0,0 +1,9 @@
+{"keys":
+ [
+ {"kty":"RSA",
+ "n":"oahUIoWw0K0usKNuOR6H4wkf4oBUXHTxRvgb48E-BVvxkeDNjbC4he8rUWcJoZmds2h7M70imEVhRU5djINXtqllXI4DFqcI1DgjT9LewND8MW2Krf3Spsk_ZkoFnilakGygTwpZ3uesH-PFABNIUYpOiN15dsQRkgr0vEhxN92i2asbOenSZeyaxziK72UwxrrKoExv6kc5twXTq4h-QChLOln0_mtUZwfsRaMStPs6mS6XrgxnxbWhojf663tuEQueGC-FCMfra36C9knDFGzKsNa7LZK2djYgyD3JR_MB_4NUJW_TqOQtwHYbxevoJArm-L5StowjzGy-_bq6Gw",
+ "e":"AQAB",
+ "d":"kLdtIj6GbDks_ApCSTYQtelcNttlKiOyPzMrXHeI-yk1F7-kpDxY4-WY5NWV5KntaEeXS1j82E375xxhWMHXyvjYecPT9fpwR_M9gV8n9Hrh2anTpTD93Dt62ypW3yDsJzBnTnrYu1iwWRgBKrEYY46qAZIrA2xAwnm2X7uGR1hghkqDp0Vqj3kbSCz1XyfCs6_LehBwtxHIyh8Ripy40p24moOAbgxVw3rxT_vlt3UVe4WO3JkJOzlpUf-KTVI2Ptgm-dARxTEtE-id-4OJr0h-K-VFs3VSndVTIznSxfyrj8ILL6MG_Uv8YAu7VILSB3lOW085-4qE3DzgrTjgyQ",
+ "kid":"2011-04-29"}
+ ]
+ }
http://git-wip-us.apache.org/repos/asf/cxf/blob/2c731ed4/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt
new file mode 100644
index 0000000..4487aa2
--- /dev/null
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt
@@ -0,0 +1,8 @@
+{"keys":
+ [
+ {"kty":"RSA",
+ "n":"oahUIoWw0K0usKNuOR6H4wkf4oBUXHTxRvgb48E-BVvxkeDNjbC4he8rUWcJoZmds2h7M70imEVhRU5djINXtqllXI4DFqcI1DgjT9LewND8MW2Krf3Spsk_ZkoFnilakGygTwpZ3uesH-PFABNIUYpOiN15dsQRkgr0vEhxN92i2asbOenSZeyaxziK72UwxrrKoExv6kc5twXTq4h-QChLOln0_mtUZwfsRaMStPs6mS6XrgxnxbWhojf663tuEQueGC-FCMfra36C9knDFGzKsNa7LZK2djYgyD3JR_MB_4NUJW_TqOQtwHYbxevoJArm-L5StowjzGy-_bq6Gw",
+ "e":"AQAB",
+ "kid":"2011-04-29"}
+ ]
+ }
\ No newline at end of file