[CXF-5944] Updating JwsSignatureProvider interface
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/8adaa1d2 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/8adaa1d2 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/8adaa1d2 Branch: refs/heads/3.0.x-fixes Commit: 8adaa1d2bbe2f5a55e40ebf9189e9040f82cac0d Parents: 676c4ec Author: Sergey Beryozkin <[email protected]> Authored: Fri Sep 19 10:15:59 2014 +0100 Committer: Sergey Beryozkin <[email protected]> Committed: Fri Sep 19 10:18:40 2014 +0100 ---------------------------------------------------------------------- .../jose/jaxrs/AbstractJwsWriterProvider.java | 2 +- .../jose/jws/AbstractJwsSignatureProvider.java | 19 +++--- .../jose/jws/EcDsaJwsSignatureProvider.java | 13 ++-- .../jose/jws/HmacJwsSignatureProvider.java | 26 +++----- .../jose/jws/HmacJwsSignatureVerifier.java | 62 ++++++++++++++++++++ .../security/jose/jws/JwsSignatureProvider.java | 1 + .../cxf/rs/security/jose/jws/JwsUtils.java | 11 ++-- .../jws/PrivateKeyJwsSignatureProvider.java | 17 +++--- .../jose/jws/JwsCompactReaderWriterTest.java | 12 ++-- .../jaxrs/security/jwt/JAXRSJweJwsTest.java | 4 +- .../cxf/systest/jaxrs/security/jwt/server.xml | 2 +- 11 files changed, 114 insertions(+), 55 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/8adaa1d2/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsWriterProvider.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsWriterProvider.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsWriterProvider.java index 701e058..d2fc2ae 100644 --- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsWriterProvider.java +++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsWriterProvider.java @@ -71,7 +71,7 @@ public class AbstractJwsWriterProvider { rsaSignatureAlgo = getSignatureAlgo(props, null); RSAPrivateKey pk = (RSAPrivateKey)CryptoUtils.loadPrivateKey(m, props, CryptoUtils.RSSEC_SIG_KEY_PSWD_PROVIDER); - theSigProvider = new PrivateKeyJwsSignatureProvider(pk); + theSigProvider = new PrivateKeyJwsSignatureProvider(pk, rsaSignatureAlgo); } if (theSigProvider == null) { throw new SecurityException(); http://git-wip-us.apache.org/repos/asf/cxf/blob/8adaa1d2/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/AbstractJwsSignatureProvider.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/AbstractJwsSignatureProvider.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/AbstractJwsSignatureProvider.java index 04516a3..4be56f6 100644 --- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/AbstractJwsSignatureProvider.java +++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/AbstractJwsSignatureProvider.java @@ -24,10 +24,11 @@ import org.apache.cxf.rs.security.jose.jwt.JwtHeaders; public abstract class AbstractJwsSignatureProvider implements JwsSignatureProvider { private Set<String> supportedAlgorithms; - private String defaultJwtAlgorithm; + private String algorithm; - protected AbstractJwsSignatureProvider(Set<String> supportedAlgorithms) { + protected AbstractJwsSignatureProvider(Set<String> supportedAlgorithms, String algo) { this.supportedAlgorithms = supportedAlgorithms; + this.algorithm = algo; } protected JwtHeaders prepareHeaders(JwtHeaders headers) { @@ -38,11 +39,15 @@ public abstract class AbstractJwsSignatureProvider implements JwsSignatureProvid if (algo != null) { checkAlgorithm(algo); } else { - headers.setAlgorithm(defaultJwtAlgorithm); + checkAlgorithm(algorithm); + headers.setAlgorithm(algorithm); } return headers; } - + @Override + public String getAlgorithm() { + return algorithm; + } @Override public JwsSignature createJwsSignature(JwtHeaders headers) { return doCreateJwsSignature(prepareHeaders(headers)); @@ -50,13 +55,11 @@ public abstract class AbstractJwsSignatureProvider implements JwsSignatureProvid protected abstract JwsSignature doCreateJwsSignature(JwtHeaders headers); - public void setDefaultJwtAlgorithm(String algo) { - this.defaultJwtAlgorithm = algo; - } - protected void checkAlgorithm(String algo) { + protected String checkAlgorithm(String algo) { if (algo == null || !supportedAlgorithms.contains(algo)) { throw new SecurityException(); } + return algo; } } http://git-wip-us.apache.org/repos/asf/cxf/blob/8adaa1d2/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/EcDsaJwsSignatureProvider.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/EcDsaJwsSignatureProvider.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/EcDsaJwsSignatureProvider.java index f1547b5..e52edec 100644 --- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/EcDsaJwsSignatureProvider.java +++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/EcDsaJwsSignatureProvider.java @@ -33,13 +33,14 @@ public class EcDsaJwsSignatureProvider extends PrivateKeyJwsSignatureProvider { Algorithm.SHA384withECDSA.getJwtName(), Algorithm.SHA512withECDSA.getJwtName())); - public EcDsaJwsSignatureProvider(ECPrivateKey key) { - this(key, null); + public EcDsaJwsSignatureProvider(ECPrivateKey key, String algo) { + this(key, null, algo); } - public EcDsaJwsSignatureProvider(ECPrivateKey key, AlgorithmParameterSpec spec) { - this(key, null, spec); + public EcDsaJwsSignatureProvider(ECPrivateKey key, AlgorithmParameterSpec spec, String algo) { + this(key, null, spec, algo); } - public EcDsaJwsSignatureProvider(ECPrivateKey key, SecureRandom random, AlgorithmParameterSpec spec) { - super(key, random, spec, SUPPORTED_ALGORITHMS); + public EcDsaJwsSignatureProvider(ECPrivateKey key, SecureRandom random, AlgorithmParameterSpec spec, + String algo) { + super(key, random, spec, SUPPORTED_ALGORITHMS, algo); } } http://git-wip-us.apache.org/repos/asf/cxf/blob/8adaa1d2/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureProvider.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureProvider.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureProvider.java index 38ed06a..c1fcc46 100644 --- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureProvider.java +++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureProvider.java @@ -31,7 +31,7 @@ import org.apache.cxf.rs.security.jose.jwt.JwtHeaders; import org.apache.cxf.rs.security.oauth2.utils.Base64UrlUtility; import org.apache.cxf.rs.security.oauth2.utils.crypto.HmacUtils; -public class HmacJwsSignatureProvider extends AbstractJwsSignatureProvider implements JwsSignatureVerifier { +public class HmacJwsSignatureProvider extends AbstractJwsSignatureProvider { private static final Set<String> SUPPORTED_ALGORITHMS = new HashSet<String>( Arrays.asList(Algorithm.HmacSHA256.getJwtName(), Algorithm.HmacSHA384.getJwtName(), @@ -39,16 +39,16 @@ public class HmacJwsSignatureProvider extends AbstractJwsSignatureProvider imple private byte[] key; private AlgorithmParameterSpec hmacSpec; - public HmacJwsSignatureProvider(byte[] key) { - this(key, null); + public HmacJwsSignatureProvider(byte[] key, String algo) { + this(key, null, algo); } - public HmacJwsSignatureProvider(byte[] key, AlgorithmParameterSpec spec) { - super(SUPPORTED_ALGORITHMS); + public HmacJwsSignatureProvider(byte[] key, AlgorithmParameterSpec spec, String algo) { + super(SUPPORTED_ALGORITHMS, algo); this.key = key; this.hmacSpec = spec; } - public HmacJwsSignatureProvider(String encodedKey) { - super(SUPPORTED_ALGORITHMS); + public HmacJwsSignatureProvider(String encodedKey, String algo) { + super(SUPPORTED_ALGORITHMS, algo); try { this.key = Base64UrlUtility.decode(encodedKey); } catch (Base64Exception ex) { @@ -56,18 +56,6 @@ public class HmacJwsSignatureProvider extends AbstractJwsSignatureProvider imple } } - @Override - public boolean verify(JwtHeaders headers, String unsignedText, byte[] signature) { - byte[] expected = computeMac(headers, unsignedText); - return Arrays.equals(expected, signature); - } - - private byte[] computeMac(JwtHeaders headers, String text) { - return HmacUtils.computeHmac(key, - Algorithm.toJavaName(headers.getAlgorithm()), - hmacSpec, - text); - } protected JwsSignature doCreateJwsSignature(JwtHeaders headers) { final Mac mac = HmacUtils.getInitializedMac(key, Algorithm.toJavaName(headers.getAlgorithm()), hmacSpec); http://git-wip-us.apache.org/repos/asf/cxf/blob/8adaa1d2/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java new file mode 100644 index 0000000..fed7e1f --- /dev/null +++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java @@ -0,0 +1,62 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.rs.security.jose.jws; + +import java.security.spec.AlgorithmParameterSpec; +import java.util.Arrays; + +import org.apache.cxf.common.util.Base64Exception; +import org.apache.cxf.rs.security.jose.jwa.Algorithm; +import org.apache.cxf.rs.security.jose.jwt.JwtHeaders; +import org.apache.cxf.rs.security.oauth2.utils.Base64UrlUtility; +import org.apache.cxf.rs.security.oauth2.utils.crypto.HmacUtils; + +public class HmacJwsSignatureVerifier implements JwsSignatureVerifier { + private byte[] key; + private AlgorithmParameterSpec hmacSpec; + + public HmacJwsSignatureVerifier(byte[] key) { + this(key, null); + } + public HmacJwsSignatureVerifier(byte[] key, AlgorithmParameterSpec spec) { + this.key = key; + this.hmacSpec = spec; + } + public HmacJwsSignatureVerifier(String encodedKey) { + try { + this.key = Base64UrlUtility.decode(encodedKey); + } catch (Base64Exception ex) { + throw new SecurityException(); + } + } + + @Override + public boolean verify(JwtHeaders headers, String unsignedText, byte[] signature) { + byte[] expected = computeMac(headers, unsignedText); + return Arrays.equals(expected, signature); + } + + private byte[] computeMac(JwtHeaders headers, String text) { + return HmacUtils.computeHmac(key, + Algorithm.toJavaName(headers.getAlgorithm()), + hmacSpec, + text); + } + +} http://git-wip-us.apache.org/repos/asf/cxf/blob/8adaa1d2/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureProvider.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureProvider.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureProvider.java index ea40029..a4d12bf 100644 --- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureProvider.java +++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureProvider.java @@ -21,5 +21,6 @@ package org.apache.cxf.rs.security.jose.jws; import org.apache.cxf.rs.security.jose.jwt.JwtHeaders; public interface JwsSignatureProvider { + String getAlgorithm(); JwsSignature createJwsSignature(JwtHeaders headers); } http://git-wip-us.apache.org/repos/asf/cxf/blob/8adaa1d2/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java index a8b81c0..20b2672 100644 --- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java +++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java @@ -33,13 +33,16 @@ public final class JwsUtils { String rsaSignatureAlgo = jwk.getAlgorithm() == null ? defaultAlgorithm : jwk.getAlgorithm(); JwsSignatureProvider theSigProvider = null; if (JsonWebKey.KEY_TYPE_RSA.equals(jwk.getKeyType())) { - theSigProvider = new PrivateKeyJwsSignatureProvider(JwkUtils.toRSAPrivateKey(jwk)); + theSigProvider = new PrivateKeyJwsSignatureProvider(JwkUtils.toRSAPrivateKey(jwk), + rsaSignatureAlgo); } else if (JsonWebKey.KEY_TYPE_OCTET.equals(jwk.getKeyType()) && Algorithm.isHmacSign(rsaSignatureAlgo)) { theSigProvider = - new HmacJwsSignatureProvider((String)jwk.getProperty(JsonWebKey.OCTET_KEY_VALUE)); + new HmacJwsSignatureProvider((String)jwk.getProperty(JsonWebKey.OCTET_KEY_VALUE), + rsaSignatureAlgo); } else if (JsonWebKey.KEY_TYPE_ELLIPTIC.equals(jwk.getKeyType())) { - theSigProvider = new EcDsaJwsSignatureProvider(JwkUtils.toECPrivateKey(jwk)); + theSigProvider = new EcDsaJwsSignatureProvider(JwkUtils.toECPrivateKey(jwk), + rsaSignatureAlgo); } return theSigProvider; } @@ -51,7 +54,7 @@ public final class JwsUtils { } else if (JsonWebKey.KEY_TYPE_OCTET.equals(jwk.getKeyType()) && Algorithm.isHmacSign(rsaSignatureAlgo)) { theVerifier = - new HmacJwsSignatureProvider((String)jwk.getProperty(JsonWebKey.OCTET_KEY_VALUE)); + new HmacJwsSignatureVerifier((String)jwk.getProperty(JsonWebKey.OCTET_KEY_VALUE)); } else if (JsonWebKey.KEY_TYPE_ELLIPTIC.equals(jwk.getKeyType())) { theVerifier = new PublicKeyJwsSignatureVerifier(JwkUtils.toECPublicKey(jwk)); } http://git-wip-us.apache.org/repos/asf/cxf/blob/8adaa1d2/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/PrivateKeyJwsSignatureProvider.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/PrivateKeyJwsSignatureProvider.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/PrivateKeyJwsSignatureProvider.java index 840256e..bbd92aa 100644 --- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/PrivateKeyJwsSignatureProvider.java +++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/PrivateKeyJwsSignatureProvider.java @@ -40,21 +40,22 @@ public class PrivateKeyJwsSignatureProvider extends AbstractJwsSignatureProvider private SecureRandom random; private AlgorithmParameterSpec signatureSpec; - public PrivateKeyJwsSignatureProvider(PrivateKey key) { - this(key, null); + public PrivateKeyJwsSignatureProvider(PrivateKey key, String algo) { + this(key, null, algo); } - public PrivateKeyJwsSignatureProvider(PrivateKey key, AlgorithmParameterSpec spec) { - this(key, null, spec); + public PrivateKeyJwsSignatureProvider(PrivateKey key, AlgorithmParameterSpec spec, String algo) { + this(key, null, spec, algo); } public PrivateKeyJwsSignatureProvider(PrivateKey key, SecureRandom random, - AlgorithmParameterSpec spec) { - this(key, random, spec, SUPPORTED_ALGORITHMS); + AlgorithmParameterSpec spec, String algo) { + this(key, random, spec, SUPPORTED_ALGORITHMS, algo); } protected PrivateKeyJwsSignatureProvider(PrivateKey key, SecureRandom random, AlgorithmParameterSpec spec, - Set<String> supportedAlgorithms) { - super(supportedAlgorithms); + Set<String> supportedAlgorithms, + String algo) { + super(supportedAlgorithms, algo); this.key = key; this.random = random; this.signatureSpec = spec; http://git-wip-us.apache.org/repos/asf/cxf/blob/8adaa1d2/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java index 3397e7e..5a08733 100644 --- a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java +++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java @@ -94,7 +94,7 @@ public class JwsCompactReaderWriterTest extends Assert { public void testWriteJwsSignedByMacSpecExample() throws Exception { JwtHeaders headers = new JwtHeaders(Algorithm.HmacSHA256.getJwtName()); JwsCompactProducer jws = initSpecJwtTokenWriter(headers); - jws.signWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY)); + jws.signWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY, Algorithm.HmacSHA256.getJwtName())); assertEquals(ENCODED_TOKEN_SIGNED_BY_MAC, jws.getSignedEncodedJws()); @@ -125,7 +125,7 @@ public class JwsCompactReaderWriterTest extends Assert { @Test public void testReadJwsSignedByMacSpecExample() throws Exception { JwsJwtCompactConsumer jws = new JwsJwtCompactConsumer(ENCODED_TOKEN_SIGNED_BY_MAC); - assertTrue(jws.verifySignatureWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY))); + assertTrue(jws.verifySignatureWith(new HmacJwsSignatureVerifier(ENCODED_MAC_KEY))); JwtToken token = jws.getJwtToken(); JwtHeaders headers = token.getHeaders(); assertEquals(JwtConstants.TYPE_JWT, headers.getType()); @@ -163,7 +163,7 @@ public class JwsCompactReaderWriterTest extends Assert { JwtToken token = new JwtToken(headers, claims); JwsCompactProducer jws = new JwsJwtCompactProducer(token, getWriter()); - jws.signWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY)); + jws.signWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY, Algorithm.HmacSHA256.getJwtName())); assertEquals(ENCODED_TOKEN_WITH_JSON_KEY_SIGNED_BY_MAC, jws.getSignedEncodedJws()); } @@ -171,7 +171,7 @@ public class JwsCompactReaderWriterTest extends Assert { @Test public void testReadJwsWithJwkSignedByMac() throws Exception { JwsJwtCompactConsumer jws = new JwsJwtCompactConsumer(ENCODED_TOKEN_WITH_JSON_KEY_SIGNED_BY_MAC); - assertTrue(jws.verifySignatureWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY))); + assertTrue(jws.verifySignatureWith(new HmacJwsSignatureVerifier(ENCODED_MAC_KEY))); JwtToken token = jws.getJwtToken(); JwtHeaders headers = token.getHeaders(); assertEquals(JwtConstants.TYPE_JWT, headers.getType()); @@ -199,7 +199,7 @@ public class JwsCompactReaderWriterTest extends Assert { headers.setAlgorithm(Algorithm.SHA256withRSA.getJwtName()); JwsCompactProducer jws = initSpecJwtTokenWriter(headers); PrivateKey key = CryptoUtils.getRSAPrivateKey(RSA_MODULUS_ENCODED, RSA_PRIVATE_EXPONENT_ENCODED); - jws.signWith(new PrivateKeyJwsSignatureProvider(key)); + jws.signWith(new PrivateKeyJwsSignatureProvider(key, Algorithm.SHA256withRSA.getJwtName())); assertEquals(ENCODED_TOKEN_SIGNED_BY_PRIVATE_KEY, jws.getSignedEncodedJws()); } @@ -211,7 +211,7 @@ public class JwsCompactReaderWriterTest extends Assert { JwsCompactProducer jws = initSpecJwtTokenWriter(headers); ECPrivateKey privateKey = CryptoUtils.getECPrivateKey(JsonWebKey.EC_CURVE_P256, EC_PRIVATE_KEY_ENCODED); - jws.signWith(new EcDsaJwsSignatureProvider(privateKey)); + jws.signWith(new EcDsaJwsSignatureProvider(privateKey, Algorithm.SHA256withECDSA.getJwtName())); String signedJws = jws.getSignedEncodedJws(); ECPublicKey publicKey = CryptoUtils.getECPublicKey(JsonWebKey.EC_CURVE_P256, http://git-wip-us.apache.org/repos/asf/cxf/blob/8adaa1d2/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java ---------------------------------------------------------------------- diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java index 12fe555..721ef90 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java @@ -161,8 +161,8 @@ public class JAXRSJweJwsTest extends AbstractBusClientServerTestBase { @Test public void testJweRsaJwsHMac() throws Exception { String address = "https://localhost:"; + PORT + "/jwejwshmac"; - HmacJwsSignatureProvider hmacProvider = new HmacJwsSignatureProvider(ENCODED_MAC_KEY); - hmacProvider.setDefaultJwtAlgorithm(Algorithm.HmacSHA256.getJwtName()); + HmacJwsSignatureProvider hmacProvider = + new HmacJwsSignatureProvider(ENCODED_MAC_KEY, Algorithm.HmacSHA256.getJwtName()); doTestJweJwsRsa(address, hmacProvider); } http://git-wip-us.apache.org/repos/asf/cxf/blob/8adaa1d2/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml ---------------------------------------------------------------------- diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml index e93cb09..02ecc81 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml @@ -72,7 +72,7 @@ under the License. <property name="encryptionProvider" ref="aesCbcHmacEncryption"/> </bean> - <bean id="hmacSigVerifier" class="org.apache.cxf.rs.security.jose.jws.HmacJwsSignatureProvider"> + <bean id="hmacSigVerifier" class="org.apache.cxf.rs.security.jose.jws.HmacJwsSignatureVerifier"> <constructor-arg value="AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow"/> </bean> <bean id="jwsHmacInFilter" class="org.apache.cxf.rs.security.jose.jaxrs.JwsContainerRequestFilter">
