Repository: cxf Updated Branches: refs/heads/3.0.x-fixes e5f57abcc -> 2e5f5a13b
http://git-wip-us.apache.org/repos/asf/cxf/blob/2e5f5a13/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeyTest.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeyTest.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeyTest.java deleted file mode 100644 index d0fadf3..0000000 --- a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeyTest.java +++ /dev/null 
@@ -1,222 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.apache.cxf.rs.security.jose.jwk; - -import java.io.InputStream; -import java.security.Security; -import java.util.List; -import java.util.Map; - -import org.apache.cxf.helpers.IOUtils; -import org.apache.cxf.rs.security.jose.jwa.Algorithm; -import org.apache.cxf.rs.security.jose.jwe.JweCompactConsumer; -import org.apache.cxf.rs.security.jose.jwt.JwtConstants; -import org.bouncycastle.jce.provider.BouncyCastleProvider; - -import org.junit.Assert; -import org.junit.Test; - -public class JsonWebKeyTest extends Assert { - private static final String RSA_MODULUS_VALUE = "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAt" - + "VT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMstn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf" - + "0h4QyQ5v-65YGjQR0_FDW2QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbISD08qNLyrdkt" - + "-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw"; - private static final String RSA_PUBLIC_EXP_VALUE = "AQAB"; - private static final String RSA_PRIVATE_EXP_VALUE = "X4cTteJY_gn4FYPsXB8rdXix5vwsg1FLN5E3EaG6RJoVH-HLLKD9M7d" - + 
"x5oo7GURknchnrRweUkC7hT5fJLM0WbFAKNLWY2vv7B6NqXSzUvxT0_YSfqijwp3RTzlBaCxWp4doFk5N2o8Gy_nHNKroADIkJ4" - + "6pRUohsXywbReAdYaMwFs9tv8d_cPVY3i07a3t8MN6TNwm0dSawm9v47UiCl3Sk5ZiG7xojPLu4sbg1U2jx4IBTNBznbJSzFHK66" - + "jT8bgkuqsk0GjskDJk19Z4qwjwbsnn4j2WBii3RL-Us2lGVkY8fkFzme1z0HbIkfz0Y6mqnOYtqc0X4jfcKoAC8Q"; - private static final String RSA_FIRST_PRIME_FACTOR_VALUE = "83i-7IvMGXoMXCskv73TKr8637FiO7Z27zv8oj6pbWUQyLPQ" - + "BQxtPVnwD20R-60eTDmD2ujnMt5PoqMrm8RfmNhVWDtjjMmCMjOpSXicFHj7XOuVIYQyqVWlWEh6dN36GVZYk93N8Bc9vY41xy8B9" - + "RzzOGVQzXvNEvn7O0nVbfs"; - private static final String RSA_SECOND_PRIME_FACTOR_VALUE = "3dfOR9cuYq-0S-mkFLzgItgMEfFzB2q3hWehMuG0oCuqnb3" - + "vobLyumqjVZQO1dIrdwgTnCdpYzBcOfW5r370AFXjiWft_NGEiovonizhKpo9VVS78TzFgxkIdrecRezsZ-1kYd_s1qDbxtkDEgfA" - + "ITAG9LUnADun4vIcb6yelxk"; - private static final String RSA_FIRST_PRIME_CRT_VALUE = "G4sPXkc6Ya9y8oJW9_ILj4xuppu0lzi_H7VTkS8xj5SdX3coE0o" - + "imYwxIi2emTAue0UOa5dpgFGyBJ4c8tQ2VF402XRugKDTP8akYhFo5tAA77Qe_NmtuYZc3C3m3I24G2GvR5sSDxUyAN2zq8Lfn9EUm" - + "s6rY3Ob8YeiKkTiBj0"; - private static final String RSA_SECOND_PRIME_CRT_VALUE = "s9lAH9fggBsoFR8Oac2R_E2gw282rT2kGOAhvIllETE1efrA6hu" - + "UUvMfBcMpn8lqeW6vzznYY5SSQF7pMdC_agI3nG8Ibp1BUb0JUiraRNqUfLhcQb_d9GF4Dh7e74WbRsobRonujTYN1xCaP6TO61jvW" - + "rX-L18txXw494Q_cgk"; - private static final String RSA_FIRST_CRT_COEFFICIENT_VALUE = "GyM_p6JrXySiz1toFgKbWV-JdI3jQ4ypu9rbMWx3rQJBfm" - + "t0FoYzgUIZEVFEcOqwemRN81zoDAaa-Bk0KWNGDjJHZDdDmFhW3AN7lI-puxk_mHZGJ11rxyR8O55XLSe3SPmRfKwZI6yU24ZxvQKF" - + "YItdldUKGzO6Ia6zTKhAVRU"; - private static final String RSA_KID_VALUE = "2011-04-29"; - private static final String EC_CURVE_VALUE = JsonWebKey.EC_CURVE_P256; - private static final String EC_X_COORDINATE_VALUE = "MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4"; - private static final String EC_Y_COORDINATE_VALUE = "4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM"; - private static final String EC_PRIVATE_KEY_VALUE = "870MB6gfuTJ4HtUnUvYMyJpr5eUZNP4Bk43bVdj3eAE"; - private 
static final String EC_KID_VALUE = "1"; - private static final String AES_SECRET_VALUE = "GawgguFyGrWKav7AX4VKUg"; - private static final String AES_KID_VALUE = "AesWrapKey"; - private static final String HMAC_SECRET_VALUE = "AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3" - + "Yj0iPS4hcgUuTwjAzZr1Z9CAow"; - private static final String HMAC_KID_VALUE = "HMACKey"; - - @Test - public void testPublicSetAsList() throws Exception { - JsonWebKeys jwks = readKeySet("jwkPublicSet.txt"); - List<JsonWebKey> keys = jwks.getKeys(); - assertEquals(2, keys.size()); - - JsonWebKey ecKey = keys.get(0); - assertEquals(6, ecKey.asMap().size()); - validatePublicEcKey(ecKey); - JsonWebKey rsaKey = keys.get(1); - assertEquals(5, rsaKey.asMap().size()); - validatePublicRsaKey(rsaKey); - } - - @Test - public void testPublicSetAsMap() throws Exception { - JsonWebKeys jwks = readKeySet("jwkPublicSet.txt"); - Map<String, JsonWebKey> keysMap = jwks.getKeyIdMap(); - assertEquals(2, keysMap.size()); - - JsonWebKey rsaKey = keysMap.get(RSA_KID_VALUE); - assertEquals(5, rsaKey.asMap().size()); - validatePublicRsaKey(rsaKey); - JsonWebKey ecKey = keysMap.get(EC_KID_VALUE); - assertEquals(6, ecKey.asMap().size()); - validatePublicEcKey(ecKey); - } - - @Test - public void testPrivateSetAsList() throws Exception { - JsonWebKeys jwks = readKeySet("jwkPrivateSet.txt"); - validatePrivateSet(jwks); - } - private void validatePrivateSet(JsonWebKeys jwks) throws Exception { - List<JsonWebKey> keys = jwks.getKeys(); - assertEquals(2, keys.size()); - - JsonWebKey ecKey = keys.get(0); - assertEquals(7, ecKey.asMap().size()); - validatePrivateEcKey(ecKey); - JsonWebKey rsaKey = keys.get(1); - assertEquals(11, rsaKey.asMap().size()); - validatePrivateRsaKey(rsaKey); - } - @Test - public void testEncryptDecryptPrivateSet() throws Exception { - Security.addProvider(new BouncyCastleProvider()); - try { - JsonWebKeys jwks = readKeySet("jwkPrivateSet.txt"); - validatePrivateSet(jwks); - String 
encryptedKeySet = JwkUtils.encryptJwkSet(jwks, "password".toCharArray()); - JweCompactConsumer c = new JweCompactConsumer(encryptedKeySet); - assertEquals("jwk-set+json", c.getJweHeaders().getContentType()); - assertEquals(Algorithm.PBES2_HS256_A128KW.getJwtName(), c.getJweHeaders().getKeyEncryptionAlgorithm()); - assertEquals(Algorithm.A128CBC_HS256.getJwtName(), c.getJweHeaders().getContentEncryptionAlgorithm()); - assertNotNull(c.getJweHeaders().getHeader("p2s")); - assertNotNull(c.getJweHeaders().getHeader("p2c")); - jwks = JwkUtils.decryptJwkSet(encryptedKeySet, "password".toCharArray()); - validatePrivateSet(jwks); - } finally { - Security.removeProvider(BouncyCastleProvider.class.getName()); - } - } - @Test - public void testEncryptDecryptPrivateKey() throws Exception { - final String key = "{\"kty\":\"oct\"," - + "\"alg\":\"A128KW\"," - + "\"k\":\"GawgguFyGrWKav7AX4VKUg\"," - + "\"kid\":\"AesWrapKey\"}"; - Security.addProvider(new BouncyCastleProvider()); - try { - JsonWebKey jwk = readKey(key); - validateSecretAesKey(jwk); - String encryptedKey = JwkUtils.encryptJwkKey(jwk, "password".toCharArray()); - JweCompactConsumer c = new JweCompactConsumer(encryptedKey); - assertEquals("jwk+json", c.getJweHeaders().getContentType()); - assertEquals(Algorithm.PBES2_HS256_A128KW.getJwtName(), c.getJweHeaders().getKeyEncryptionAlgorithm()); - assertEquals(Algorithm.A128CBC_HS256.getJwtName(), c.getJweHeaders().getContentEncryptionAlgorithm()); - assertNotNull(c.getJweHeaders().getHeader("p2s")); - assertNotNull(c.getJweHeaders().getHeader("p2c")); - jwk = JwkUtils.decryptJwkKey(encryptedKey, "password".toCharArray()); - validateSecretAesKey(jwk); - } finally { - Security.removeProvider(BouncyCastleProvider.class.getName()); - } - } - - @Test - public void testSecretSetAsList() throws Exception { - JsonWebKeys jwks = readKeySet("jwkSecretSet.txt"); - List<JsonWebKey> keys = jwks.getKeys(); - assertEquals(2, keys.size()); - JsonWebKey aesKey = keys.get(0); - 
assertEquals(4, aesKey.asMap().size()); - validateSecretAesKey(aesKey); - JsonWebKey hmacKey = keys.get(1); - assertEquals(4, hmacKey.asMap().size()); - validateSecretHmacKey(hmacKey); - } - - private void validateSecretAesKey(JsonWebKey key) { - assertEquals(AES_SECRET_VALUE, key.getProperty(JsonWebKey.OCTET_KEY_VALUE)); - assertEquals(AES_KID_VALUE, key.getKid()); - assertEquals(JsonWebKey.KEY_TYPE_OCTET, key.getKeyType()); - assertEquals(JwtConstants.A128KW_ALGO, key.getAlgorithm()); - } - private void validateSecretHmacKey(JsonWebKey key) { - assertEquals(HMAC_SECRET_VALUE, key.getProperty(JsonWebKey.OCTET_KEY_VALUE)); - assertEquals(HMAC_KID_VALUE, key.getKid()); - assertEquals(JsonWebKey.KEY_TYPE_OCTET, key.getKeyType()); - assertEquals(JwtConstants.HMAC_SHA_256_ALGO, key.getAlgorithm()); - } - - private void validatePublicRsaKey(JsonWebKey key) { - assertEquals(RSA_MODULUS_VALUE, key.getProperty(JsonWebKey.RSA_MODULUS)); - assertEquals(RSA_PUBLIC_EXP_VALUE, key.getProperty(JsonWebKey.RSA_PUBLIC_EXP)); - assertEquals(RSA_KID_VALUE, key.getKid()); - assertEquals(JsonWebKey.KEY_TYPE_RSA, key.getKeyType()); - assertEquals(JwtConstants.RS_SHA_256_ALGO, key.getAlgorithm()); - } - private void validatePrivateRsaKey(JsonWebKey key) { - validatePublicRsaKey(key); - assertEquals(RSA_PRIVATE_EXP_VALUE, key.getProperty(JsonWebKey.RSA_PRIVATE_EXP)); - assertEquals(RSA_FIRST_PRIME_FACTOR_VALUE, key.getProperty(JsonWebKey.RSA_FIRST_PRIME_FACTOR)); - assertEquals(RSA_SECOND_PRIME_FACTOR_VALUE, key.getProperty(JsonWebKey.RSA_SECOND_PRIME_FACTOR)); - assertEquals(RSA_FIRST_PRIME_CRT_VALUE, key.getProperty(JsonWebKey.RSA_FIRST_PRIME_CRT)); - assertEquals(RSA_SECOND_PRIME_CRT_VALUE, key.getProperty(JsonWebKey.RSA_SECOND_PRIME_CRT)); - assertEquals(RSA_FIRST_CRT_COEFFICIENT_VALUE, key.getProperty(JsonWebKey.RSA_FIRST_CRT_COEFFICIENT)); - } - private void validatePublicEcKey(JsonWebKey key) { - assertEquals(EC_X_COORDINATE_VALUE, key.getProperty(JsonWebKey.EC_X_COORDINATE)); - 
assertEquals(EC_Y_COORDINATE_VALUE, key.getProperty(JsonWebKey.EC_Y_COORDINATE)); - assertEquals(EC_KID_VALUE, key.getKid()); - assertEquals(JsonWebKey.KEY_TYPE_ELLIPTIC, key.getKeyType()); - assertEquals(EC_CURVE_VALUE, key.getProperty(JsonWebKey.EC_CURVE)); - assertEquals(JsonWebKey.PUBLIC_KEY_USE_ENCRYPT, key.getPublicKeyUse()); - } - private void validatePrivateEcKey(JsonWebKey key) { - validatePublicEcKey(key); - assertEquals(EC_PRIVATE_KEY_VALUE, key.getProperty(JsonWebKey.EC_PRIVATE_KEY)); - } - - public JsonWebKeys readKeySet(String fileName) throws Exception { - InputStream is = JsonWebKeyTest.class.getResourceAsStream(fileName); - String s = IOUtils.readStringFromStream(is); - return JwkUtils.readJwkSet(s); - } - public JsonWebKey readKey(String key) throws Exception { - return JwkUtils.readJwkKey(key); - } -} http://git-wip-us.apache.org/repos/asf/cxf/blob/2e5f5a13/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jwk/jwkPrivateSet.txt ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jwk/jwkPrivateSet.txt b/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jwk/jwkPrivateSet.txt deleted file mode 100644 index cb30c04..0000000 --- a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jwk/jwkPrivateSet.txt +++ /dev/null 
@@ -1,23 +0,0 @@
-{"keys":
- [
- {"kty":"EC",
- "crv":"P-256",
- "x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4",
- "y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM",
- "d":"870MB6gfuTJ4HtUnUvYMyJpr5eUZNP4Bk43bVdj3eAE",
- "use":"enc",
- "kid":"1"},
-
- {"kty":"RSA",
- "n":"0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMstn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbISD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw",
- "e":"AQAB",
- "d":"X4cTteJY_gn4FYPsXB8rdXix5vwsg1FLN5E3EaG6RJoVH-HLLKD9M7dx5oo7GURknchnrRweUkC7hT5fJLM0WbFAKNLWY2vv7B6NqXSzUvxT0_YSfqijwp3RTzlBaCxWp4doFk5N2o8Gy_nHNKroADIkJ46pRUohsXywbReAdYaMwFs9tv8d_cPVY3i07a3t8MN6TNwm0dSawm9v47UiCl3Sk5ZiG7xojPLu4sbg1U2jx4IBTNBznbJSzFHK66jT8bgkuqsk0GjskDJk19Z4qwjwbsnn4j2WBii3RL-Us2lGVkY8fkFzme1z0HbIkfz0Y6mqnOYtqc0X4jfcKoAC8Q",
- "p":"83i-7IvMGXoMXCskv73TKr8637FiO7Z27zv8oj6pbWUQyLPQBQxtPVnwD20R-60eTDmD2ujnMt5PoqMrm8RfmNhVWDtjjMmCMjOpSXicFHj7XOuVIYQyqVWlWEh6dN36GVZYk93N8Bc9vY41xy8B9RzzOGVQzXvNEvn7O0nVbfs",
- "q":"3dfOR9cuYq-0S-mkFLzgItgMEfFzB2q3hWehMuG0oCuqnb3vobLyumqjVZQO1dIrdwgTnCdpYzBcOfW5r370AFXjiWft_NGEiovonizhKpo9VVS78TzFgxkIdrecRezsZ-1kYd_s1qDbxtkDEgfAITAG9LUnADun4vIcb6yelxk",
- "dp":"G4sPXkc6Ya9y8oJW9_ILj4xuppu0lzi_H7VTkS8xj5SdX3coE0oimYwxIi2emTAue0UOa5dpgFGyBJ4c8tQ2VF402XRugKDTP8akYhFo5tAA77Qe_NmtuYZc3C3m3I24G2GvR5sSDxUyAN2zq8Lfn9EUms6rY3Ob8YeiKkTiBj0",
- "dq":"s9lAH9fggBsoFR8Oac2R_E2gw282rT2kGOAhvIllETE1efrA6huUUvMfBcMpn8lqeW6vzznYY5SSQF7pMdC_agI3nG8Ibp1BUb0JUiraRNqUfLhcQb_d9GF4Dh7e74WbRsobRonujTYN1xCaP6TO61jvWrX-L18txXw494Q_cgk",
- "qi":"GyM_p6JrXySiz1toFgKbWV-JdI3jQ4ypu9rbMWx3rQJBfmt0FoYzgUIZEVFEcOqwemRN81zoDAaa-Bk0KWNGDjJHZDdDmFhW3AN7lI-puxk_mHZGJ11rxyR8O55XLSe3SPmRfKwZI6yU24ZxvQKFYItdldUKGzO6Ia6zTKhAVRU",
- "alg":"RS256",
- "kid":"2011-04-29"}
- ]
- }
http://git-wip-us.apache.org/repos/asf/cxf/blob/2e5f5a13/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jwk/jwkPublicSet.txt
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jwk/jwkPublicSet.txt b/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jwk/jwkPublicSet.txt
deleted file mode 100644
index 5a4a839..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jwk/jwkPublicSet.txt
+++ /dev/null
@@ -1,17 +0,0 @@
-{"keys":
- [
- {"kty":"EC",
- "crv":"P-256",
- "x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4",
- "y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM",
- "use":"enc",
- "kid":"1"},
-
- {"kty":"RSA",
- "n": "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMstn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbISD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw",
- "e":"AQAB",
- "alg":"RS256",
- "kid":"2011-04-29"}
-
- ]
- }
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/cxf/blob/2e5f5a13/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jwk/jwkSecretSet.txt
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jwk/jwkSecretSet.txt b/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jwk/jwkSecretSet.txt
deleted file mode 100644
index 6520c75..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jwk/jwkSecretSet.txt
+++ /dev/null
@@ -1,13 +0,0 @@
-{"keys":
- [
- {"kty":"oct",
- "alg":"A128KW",
- "k":"GawgguFyGrWKav7AX4VKUg",
- "kid":"AesWrapKey"},
-
- {"kty":"oct",
- "alg":"HS256",
- "k":"AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow",
- "kid":"HMACKey"}
- ]
- }
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/cxf/blob/2e5f5a13/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java
deleted file mode 100644
index 5a08733..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java
+++ /dev/null
@@ -1,256 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.apache.cxf.rs.security.jose.jws; - -import java.security.PrivateKey; -import java.security.interfaces.ECPrivateKey; -import java.security.interfaces.ECPublicKey; -import java.security.interfaces.RSAPublicKey; -import java.util.Arrays; -import java.util.LinkedHashMap; -import java.util.List; -import java.util.Map; - -import org.apache.cxf.rs.security.jose.jwa.Algorithm; -import org.apache.cxf.rs.security.jose.jwk.JsonWebKey; -import org.apache.cxf.rs.security.jose.jwt.JwtClaims; -import org.apache.cxf.rs.security.jose.jwt.JwtConstants; -import org.apache.cxf.rs.security.jose.jwt.JwtHeaders; -import org.apache.cxf.rs.security.jose.jwt.JwtToken; -import org.apache.cxf.rs.security.jose.jwt.JwtTokenReaderWriter; -import org.apache.cxf.rs.security.jose.jwt.JwtTokenWriter; -import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils; - -import org.junit.Assert; -import org.junit.Test; - -public class JwsCompactReaderWriterTest extends Assert { - - public static final String ENCODED_TOKEN_SIGNED_BY_MAC = - "eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9" - + 
".eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ" - + ".dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"; - - - private static final String ENCODED_MAC_KEY = "AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75" - + "aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow"; - - private static final String ENCODED_TOKEN_WITH_JSON_KEY_SIGNED_BY_MAC = - "eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIU" - + "zI1NiIsDQogImp3ayI6eyJrdHkiOiJvY3QiLA0KICJrZXlfb3BzIjpbDQogInNpZ24iLA0KICJ2ZXJpZnkiDQogXX19" - + ".eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ" - + ".8cFZqb15gEDYRZqSzUu23nQnKNynru1ADByRPvmmOq8"; - - private static final String RSA_MODULUS_ENCODED = "ofgWCuLjybRlzo0tZWJjNiuSfb4p4fAkd_wWJcyQoTbji9k0l8W26mPddx" - + "HmfHQp-Vaw-4qPCJrcS2mJPMEzP1Pt0Bm4d4QlL-yRT-SFd2lZS-pCgNMs" - + "D1W_YpRPEwOWvG6b32690r2jZ47soMZo9wGzjb_7OMg0LOL-bSf63kpaSH" - + "SXndS5z5rexMdbBYUsLA9e-KXBdQOS-UTo7WTBEMa2R2CapHg665xsmtdV" - + "MTBQY4uDZlxvb3qCo5ZwKh9kG4LT6_I5IhlJH7aGhyxXFvUK-DWNmoudF8" - + "NAco9_h9iaGNj8q2ethFkMLs91kzk2PAcDTW9gb54h4FRWyuXpoQ"; - private static final String RSA_PUBLIC_EXPONENT_ENCODED = "AQAB"; - private static final String RSA_PRIVATE_EXPONENT_ENCODED = - "Eq5xpGnNCivDflJsRQBXHx1hdR1k6Ulwe2JZD50LpXyWPEAeP88vLNO97I" - + "jlA7_GQ5sLKMgvfTeXZx9SE-7YwVol2NXOoAJe46sui395IW_GO-pWJ1O0" - + "BkTGoVEn2bKVRUCgu-GjBVaYLU6f3l9kJfFNS3E0QbVdxzubSu3Mkqzjkn" - + "439X0M_V51gfpRLI9JYanrC4D4qAdGcopV_0ZHHzQlBjudU2QvXt4ehNYT" - + "CBr6XCLQUShb1juUO1ZdiYoFaFQT5Tw8bGUl_x_jTj3ccPDVZFD9pIuhLh" - + "BOneufuBiB4cS98l2SR_RQyGWSeWjnczT0QU91p1DhOVRuOopznQ"; - private static final String ENCODED_TOKEN_SIGNED_BY_PRIVATE_KEY = - "eyJhbGciOiJSUzI1NiJ9" - + "." - + "eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFt" - + "cGxlLmNvbS9pc19yb290Ijp0cnVlfQ" - + "." 
- + "cC4hiUPoj9Eetdgtv3hF80EGrhuB__dzERat0XF9g2VtQgr9PJbu3XOiZj5RZmh7" - + "AAuHIm4Bh-0Qc_lF5YKt_O8W2Fp5jujGbds9uJdbF9CUAr7t1dnZcAcQjbKBYNX4" - + "BAynRFdiuB--f_nZLgrnbyTyWzO75vRK5h6xBArLIARNPvkSjtQBMHlb1L07Qe7K" - + "0GarZRmB_eSN9383LcOLn6_dO--xi12jzDwusC-eOkHWEsqtFZESc6BfI7noOPqv" - + "hJ1phCnvWh6IeYI2w9QOYEUipUTI8np6LbgGY9Fs98rqVt5AXLIhWkWywlVmtVrB" - + "p0igcN_IoypGlUPQGe77Rw"; - - private static final String EC_PRIVATE_KEY_ENCODED = - "jpsQnnGQmL-YBIffH1136cspYG6-0iY7X1fCE9-E9LI"; - private static final String EC_X_POINT_ENCODED = - "f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU"; - private static final String EC_Y_POINT_ENCODED = - "x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0"; - @Test - public void testWriteJwsSignedByMacSpecExample() throws Exception { - JwtHeaders headers = new JwtHeaders(Algorithm.HmacSHA256.getJwtName()); - JwsCompactProducer jws = initSpecJwtTokenWriter(headers); - jws.signWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY, Algorithm.HmacSHA256.getJwtName())); - - assertEquals(ENCODED_TOKEN_SIGNED_BY_MAC, jws.getSignedEncodedJws()); - - } - - @Test - public void testWriteReadJwsUnsigned() throws Exception { - JwtHeaders headers = new JwtHeaders(JwtConstants.PLAIN_TEXT_ALGO); - - JwtClaims claims = new JwtClaims(); - claims.setIssuer("https://jwt-idp.example.com"); - claims.setSubject("mailto:[email protected]"); - claims.setAudience("https://jwt-rp.example.net"); - claims.setNotBefore(1300815780L); - claims.setExpiryTime(1300819380L); - claims.setClaim("http://claims.example.com/member", true); - - JwsCompactProducer writer = new JwsJwtCompactProducer(headers, claims); - String signed = writer.getSignedEncodedJws(); - - JwsJwtCompactConsumer reader = new JwsJwtCompactConsumer(signed); - assertEquals(0, reader.getDecodedSignature().length); - - JwtToken token = reader.getJwtToken(); - assertEquals(new JwtToken(headers, claims), token); - } - - @Test - public void testReadJwsSignedByMacSpecExample() throws Exception { - JwsJwtCompactConsumer 
jws = new JwsJwtCompactConsumer(ENCODED_TOKEN_SIGNED_BY_MAC); - assertTrue(jws.verifySignatureWith(new HmacJwsSignatureVerifier(ENCODED_MAC_KEY))); - JwtToken token = jws.getJwtToken(); - JwtHeaders headers = token.getHeaders(); - assertEquals(JwtConstants.TYPE_JWT, headers.getType()); - assertEquals(Algorithm.HmacSHA256.getJwtName(), headers.getAlgorithm()); - validateSpecClaim(token.getClaims()); - } - - @Test - public void testWriteJwsWithJwkSignedByMac() throws Exception { - JsonWebKey key = new JsonWebKey(); - key.setKeyType(JsonWebKey.KEY_TYPE_OCTET); - key.setKeyOperation(Arrays.asList( - new String[]{JsonWebKey.KEY_OPER_SIGN, JsonWebKey.KEY_OPER_VERIFY})); - doTestWriteJwsWithJwkSignedByMac(key); - } - - @Test - public void testWriteJwsWithJwkAsMapSignedByMac() throws Exception { - Map<String, Object> map = new LinkedHashMap<String, Object>(); - map.put(JsonWebKey.KEY_TYPE, JsonWebKey.KEY_TYPE_OCTET); - map.put(JsonWebKey.KEY_OPERATIONS, - new String[]{JsonWebKey.KEY_OPER_SIGN, JsonWebKey.KEY_OPER_VERIFY}); - doTestWriteJwsWithJwkSignedByMac(map); - } - - private void doTestWriteJwsWithJwkSignedByMac(Object jsonWebKey) throws Exception { - JwtHeaders headers = new JwtHeaders(Algorithm.HmacSHA256.getJwtName()); - - headers.setHeader(JwtConstants.HEADER_JSON_WEB_KEY, jsonWebKey); - - JwtClaims claims = new JwtClaims(); - claims.setIssuer("joe"); - claims.setExpiryTime(1300819380L); - claims.setClaim("http://example.com/is_root", Boolean.TRUE); - - JwtToken token = new JwtToken(headers, claims); - JwsCompactProducer jws = new JwsJwtCompactProducer(token, getWriter()); - jws.signWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY, Algorithm.HmacSHA256.getJwtName())); - - assertEquals(ENCODED_TOKEN_WITH_JSON_KEY_SIGNED_BY_MAC, jws.getSignedEncodedJws()); - } - - @Test - public void testReadJwsWithJwkSignedByMac() throws Exception { - JwsJwtCompactConsumer jws = new JwsJwtCompactConsumer(ENCODED_TOKEN_WITH_JSON_KEY_SIGNED_BY_MAC); - 
assertTrue(jws.verifySignatureWith(new HmacJwsSignatureVerifier(ENCODED_MAC_KEY))); - JwtToken token = jws.getJwtToken(); - JwtHeaders headers = token.getHeaders(); - assertEquals(JwtConstants.TYPE_JWT, headers.getType()); - assertEquals(Algorithm.HmacSHA256.getJwtName(), headers.getAlgorithm()); - - JsonWebKey key = headers.getJsonWebKey(); - assertEquals(JsonWebKey.KEY_TYPE_OCTET, key.getKeyType()); - List<String> keyOps = key.getKeyOperation(); - assertEquals(2, keyOps.size()); - assertEquals(JsonWebKey.KEY_OPER_SIGN, keyOps.get(0)); - assertEquals(JsonWebKey.KEY_OPER_VERIFY, keyOps.get(1)); - - validateSpecClaim(token.getClaims()); - } - - private void validateSpecClaim(JwtClaims claims) { - assertEquals("joe", claims.getIssuer()); - assertEquals(Long.valueOf(1300819380), claims.getExpiryTime()); - assertEquals(Boolean.TRUE, claims.getClaim("http://example.com/is_root")); - } - - @Test - public void testWriteJwsSignedByPrivateKey() throws Exception { - JwtHeaders headers = new JwtHeaders(); - headers.setAlgorithm(Algorithm.SHA256withRSA.getJwtName()); - JwsCompactProducer jws = initSpecJwtTokenWriter(headers); - PrivateKey key = CryptoUtils.getRSAPrivateKey(RSA_MODULUS_ENCODED, RSA_PRIVATE_EXPONENT_ENCODED); - jws.signWith(new PrivateKeyJwsSignatureProvider(key, Algorithm.SHA256withRSA.getJwtName())); - - assertEquals(ENCODED_TOKEN_SIGNED_BY_PRIVATE_KEY, jws.getSignedEncodedJws()); - } - - @Test - public void testWriteReadJwsSignedByESPrivateKey() throws Exception { - JwtHeaders headers = new JwtHeaders(); - headers.setAlgorithm(Algorithm.SHA256withECDSA.getJwtName()); - JwsCompactProducer jws = initSpecJwtTokenWriter(headers); - ECPrivateKey privateKey = CryptoUtils.getECPrivateKey(JsonWebKey.EC_CURVE_P256, - EC_PRIVATE_KEY_ENCODED); - jws.signWith(new EcDsaJwsSignatureProvider(privateKey, Algorithm.SHA256withECDSA.getJwtName())); - String signedJws = jws.getSignedEncodedJws(); - - ECPublicKey publicKey = CryptoUtils.getECPublicKey(JsonWebKey.EC_CURVE_P256, - 
EC_X_POINT_ENCODED, - EC_Y_POINT_ENCODED); - JwsJwtCompactConsumer jwsConsumer = new JwsJwtCompactConsumer(signedJws); - assertTrue(jwsConsumer.verifySignatureWith(new PublicKeyJwsSignatureVerifier(publicKey))); - JwtToken token = jwsConsumer.getJwtToken(); - JwtHeaders headersReceived = token.getHeaders(); - assertEquals(Algorithm.SHA256withECDSA.getJwtName(), headersReceived.getAlgorithm()); - validateSpecClaim(token.getClaims()); - } - - @Test - public void testReadJwsSignedByPrivateKey() throws Exception { - JwsJwtCompactConsumer jws = new JwsJwtCompactConsumer(ENCODED_TOKEN_SIGNED_BY_PRIVATE_KEY); - RSAPublicKey key = CryptoUtils.getRSAPublicKey(RSA_MODULUS_ENCODED, RSA_PUBLIC_EXPONENT_ENCODED); - assertTrue(jws.verifySignatureWith(new PublicKeyJwsSignatureVerifier(key))); - JwtToken token = jws.getJwtToken(); - JwtHeaders headers = token.getHeaders(); - assertEquals(Algorithm.SHA256withRSA.getJwtName(), headers.getAlgorithm()); - validateSpecClaim(token.getClaims()); - } - - private JwsCompactProducer initSpecJwtTokenWriter(JwtHeaders headers) throws Exception { - - JwtClaims claims = new JwtClaims(); - claims.setIssuer("joe"); - claims.setExpiryTime(1300819380L); - claims.setClaim("http://example.com/is_root", Boolean.TRUE); - - JwtToken token = new JwtToken(headers, claims); - return new JwsJwtCompactProducer(token, getWriter()); - } - - - private JwtTokenWriter getWriter() { - JwtTokenReaderWriter jsonWriter = new JwtTokenReaderWriter(); - jsonWriter.setFormat(true); - return jsonWriter; - } -} http://git-wip-us.apache.org/repos/asf/cxf/blob/2e5f5a13/rt/rs/security/oauth-parent/pom.xml ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/pom.xml b/rt/rs/security/oauth-parent/pom.xml index c59a4ec..8d5324f 100644 --- a/rt/rs/security/oauth-parent/pom.xml +++ b/rt/rs/security/oauth-parent/pom.xml 
@@ -39,6 +39,6 @@
 <module>oauth</module>
 <module>oauth2</module>
 <module>oauth2-saml</module>
- <module>oauth2-jwt</module>
+ <module>oauth2-jose</module>
 </modules>
 </project>
