Repository: cxf Updated Branches: refs/heads/master 85fdb62d0 -> 8d2b01805
http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactHeaderTest.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactHeaderTest.java b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactHeaderTest.java index a6fc066..55b448a 100644 --- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactHeaderTest.java +++ b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactHeaderTest.java @@ -21,8 +21,8 @@ package org.apache.cxf.rs.security.jose.jws; import java.util.ArrayList; import java.util.List; -import org.apache.cxf.rs.security.jose.JoseConstants; -import org.apache.cxf.rs.security.jose.jwa.Algorithm; +import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; +import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm; import org.junit.Assert; import org.junit.Test; @@ -121,7 +121,7 @@ public class JwsCompactHeaderTest extends Assert { JwsCompactConsumer jwsConsumer = new JwsCompactConsumer(MISSING_ALG_HEADER_FIELD_IN_JWS); assertFalse(jwsConsumer.verifySignatureWith(new HmacJwsSignatureVerifier(ENCODED_MAC_KEY, - Algorithm.HmacSHA256.getJwtName()))); + SignatureAlgorithm.HS256))); } @Test @@ -129,7 +129,7 @@ public class JwsCompactHeaderTest extends Assert { JwsCompactConsumer jwsConsumer = new JwsCompactConsumer(TWO_ALG_HEADER_FIELDS_IN_JWS_BOGUS_FIRST); assertFalse(jwsConsumer.verifySignatureWith(new HmacJwsSignatureVerifier(ENCODED_MAC_KEY, - Algorithm.HmacSHA256.getJwtName()))); + SignatureAlgorithm.HS256))); } @Test @@ -137,7 +137,7 @@ public class JwsCompactHeaderTest extends Assert { JwsCompactConsumer jwsConsumer = new JwsCompactConsumer(TWO_ALG_HEADER_FIELDS_IN_JWS_BOGUS_LAST); assertFalse(jwsConsumer.verifySignatureWith(new HmacJwsSignatureVerifier(ENCODED_MAC_KEY, - Algorithm.HmacSHA256.getJwtName()))); + SignatureAlgorithm.HS256))); } @Test @@ -147,10 +147,10 @@ public class JwsCompactHeaderTest extends Assert { JwsCompactConsumer jwsConsumerAltered = new JwsCompactConsumer(ALG_HEADER_VALUE_NONE_IN_JWS); assertTrue(jwsConsumerOriginal.verifySignatureWith(new HmacJwsSignatureVerifier(ENCODED_MAC_KEY, - Algorithm.HmacSHA256.getJwtName()))); + SignatureAlgorithm.HS256))); assertFalse(jwsConsumerAltered.verifySignatureWith(new HmacJwsSignatureVerifier(ENCODED_MAC_KEY, - Algorithm.HmacSHA256.getJwtName()))); + SignatureAlgorithm.HS256))); } @Test @@ -165,11 +165,11 @@ public class JwsCompactHeaderTest extends Assert { String criticalValue2 = "criticalValue2"; String criticalValue3 = "criticalValue3"; JwsCompactProducer producer = new JwsCompactProducer(payload); - producer.getJoseHeaders().setAlgorithm(JoseConstants.HMAC_SHA_512_ALGO); + producer.getJoseHeaders().setAlgorithm(AlgorithmUtils.HMAC_SHA_512_ALGO); List<String> criticalHeader = new ArrayList<String>(); criticalHeader.add(criticalParameter1); producer.getJoseHeaders().setCritical(criticalHeader); - producer.signWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY, Algorithm.HmacSHA256.getJwtName())); + producer.signWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY, SignatureAlgorithm.HS256)); String signedJws = producer.getSignedEncodedJws(); JwsCompactConsumer consumer = new JwsCompactConsumer(signedJws); assertFalse(consumer.validateCriticalHeaders()); @@ -177,12 +177,12 @@ public class JwsCompactHeaderTest extends Assert { criticalHeader.add(criticalParameter2); criticalHeader.add(criticalParameter3); producer = new JwsCompactProducer(payload); - producer.getJoseHeaders().setAlgorithm(JoseConstants.HMAC_SHA_512_ALGO); + producer.getJoseHeaders().setAlgorithm(AlgorithmUtils.HMAC_SHA_512_ALGO); producer.getJoseHeaders().setCritical(criticalHeader); producer.getJoseHeaders().setHeader(criticalParameter1, criticalValue1); producer.getJoseHeaders().setHeader(criticalParameter2, criticalValue2); producer.getJoseHeaders().setHeader(criticalParameter3, criticalValue3); - producer.signWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY, Algorithm.HmacSHA256.getJwtName())); + producer.signWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY, SignatureAlgorithm.HS256)); signedJws = producer.getSignedEncodedJws(); consumer = new JwsCompactConsumer(signedJws); assertTrue(consumer.validateCriticalHeaders()); @@ -191,10 +191,10 @@ public class JwsCompactHeaderTest extends Assert { criticalHeader.add(criticalParameter); criticalHeader.add(criticalParameter); producer = new JwsCompactProducer(payload); - producer.getJoseHeaders().setAlgorithm(JoseConstants.HMAC_SHA_512_ALGO); + producer.getJoseHeaders().setAlgorithm(AlgorithmUtils.HMAC_SHA_512_ALGO); producer.getJoseHeaders().setHeader(criticalParameter, criticalValue); producer.getJoseHeaders().setCritical(criticalHeader); - producer.signWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY, Algorithm.HmacSHA256.getJwtName())); + producer.signWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY, SignatureAlgorithm.HS256)); signedJws = producer.getSignedEncodedJws(); consumer = new JwsCompactConsumer(signedJws); assertFalse(consumer.validateCriticalHeaders()); http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java index bdf4067..285705b 100644 --- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java +++ b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java @@ -31,7 +31,8 @@ import java.util.Map; import org.apache.cxf.common.util.crypto.CryptoUtils; import org.apache.cxf.rs.security.jose.JoseConstants; import org.apache.cxf.rs.security.jose.JoseHeaders; -import org.apache.cxf.rs.security.jose.jwa.Algorithm; +import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; +import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm; import org.apache.cxf.rs.security.jose.jwk.JsonWebKey; import org.apache.cxf.rs.security.jose.jwt.JwtClaims; import org.apache.cxf.rs.security.jose.jwt.JwtToken; @@ -95,9 +96,9 @@ public class JwsCompactReaderWriterTest extends Assert { public void testWriteJwsSignedByMacSpecExample() throws Exception { JoseHeaders headers = new JoseHeaders(); headers.setType(JoseConstants.TYPE_JWT); - headers.setAlgorithm(Algorithm.HmacSHA256.getJwtName()); + headers.setAlgorithm(SignatureAlgorithm.HS256.getJwaName()); JwsCompactProducer jws = initSpecJwtTokenWriter(headers); - jws.signWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY, Algorithm.HmacSHA256.getJwtName())); + jws.signWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY, SignatureAlgorithm.HS256)); assertEquals(ENCODED_TOKEN_SIGNED_BY_MAC, jws.getSignedEncodedJws()); @@ -107,7 +108,7 @@ public class JwsCompactReaderWriterTest extends Assert { public void testWriteReadJwsUnsigned() throws Exception { JoseHeaders headers = new JoseHeaders(); headers.setType(JoseConstants.TYPE_JWT); - headers.setAlgorithm(JoseConstants.PLAIN_TEXT_ALGO); + headers.setAlgorithm(AlgorithmUtils.PLAIN_TEXT_ALGO); JwtClaims claims = new JwtClaims(); claims.setIssuer("https://jwt-idp.example.com";); @@ -131,11 +132,11 @@ public class JwsCompactReaderWriterTest extends Assert { public void testReadJwsSignedByMacSpecExample() throws Exception { JwsJwtCompactConsumer jws = new JwsJwtCompactConsumer(ENCODED_TOKEN_SIGNED_BY_MAC); assertTrue(jws.verifySignatureWith(new HmacJwsSignatureVerifier(ENCODED_MAC_KEY, - Algorithm.HmacSHA256.getJwtName()))); + SignatureAlgorithm.HS256))); JwtToken token = jws.getJwtToken(); JoseHeaders headers = token.getHeaders(); assertEquals(JoseConstants.TYPE_JWT, headers.getType()); - assertEquals(Algorithm.HmacSHA256.getJwtName(), headers.getAlgorithm()); + assertEquals(SignatureAlgorithm.HS256.getJwaName(), headers.getAlgorithm()); validateSpecClaim(token.getClaims()); } @@ -160,7 +161,7 @@ public class JwsCompactReaderWriterTest extends Assert { private void doTestWriteJwsWithJwkSignedByMac(Object jsonWebKey) throws Exception { JoseHeaders headers = new JoseHeaders(); headers.setType(JoseConstants.TYPE_JWT); - headers.setAlgorithm(Algorithm.HmacSHA256.getJwtName()); + headers.setAlgorithm(SignatureAlgorithm.HS256.getJwaName()); headers.setHeader(JoseConstants.HEADER_JSON_WEB_KEY, jsonWebKey); JwtClaims claims = new JwtClaims(); @@ -170,7 +171,7 @@ public class JwsCompactReaderWriterTest extends Assert { JwtToken token = new JwtToken(headers, claims); JwsCompactProducer jws = new JwsJwtCompactProducer(token, getWriter()); - jws.signWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY, Algorithm.HmacSHA256.getJwtName())); + jws.signWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY, SignatureAlgorithm.HS256)); assertEquals(ENCODED_TOKEN_WITH_JSON_KEY_SIGNED_BY_MAC, jws.getSignedEncodedJws()); } @@ -179,11 +180,11 @@ public class JwsCompactReaderWriterTest extends Assert { public void testReadJwsWithJwkSignedByMac() throws Exception { JwsJwtCompactConsumer jws = new JwsJwtCompactConsumer(ENCODED_TOKEN_WITH_JSON_KEY_SIGNED_BY_MAC); assertTrue(jws.verifySignatureWith(new HmacJwsSignatureVerifier(ENCODED_MAC_KEY, - Algorithm.HmacSHA256.getJwtName()))); + SignatureAlgorithm.HS256))); JwtToken token = jws.getJwtToken(); JoseHeaders headers = token.getHeaders(); assertEquals(JoseConstants.TYPE_JWT, headers.getType()); - assertEquals(Algorithm.HmacSHA256.getJwtName(), headers.getAlgorithm()); + assertEquals(SignatureAlgorithm.HS256.getJwaName(), headers.getAlgorithm()); JsonWebKey key = headers.getJsonWebKey(); assertEquals(JsonWebKey.KEY_TYPE_OCTET, key.getKeyType()); @@ -204,10 +205,10 @@ public class JwsCompactReaderWriterTest extends Assert { @Test public void testWriteJwsSignedByPrivateKey() throws Exception { JoseHeaders headers = new JoseHeaders(); - headers.setAlgorithm(Algorithm.SHA256withRSA.getJwtName()); + headers.setAlgorithm(SignatureAlgorithm.RS256.getJwaName()); JwsCompactProducer jws = initSpecJwtTokenWriter(headers); PrivateKey key = CryptoUtils.getRSAPrivateKey(RSA_MODULUS_ENCODED, RSA_PRIVATE_EXPONENT_ENCODED); - jws.signWith(new PrivateKeyJwsSignatureProvider(key, Algorithm.SHA256withRSA.getJwtName())); + jws.signWith(new PrivateKeyJwsSignatureProvider(key, SignatureAlgorithm.RS256)); assertEquals(ENCODED_TOKEN_SIGNED_BY_PRIVATE_KEY, jws.getSignedEncodedJws()); } @@ -216,19 +217,18 @@ public class JwsCompactReaderWriterTest extends Assert { Security.addProvider(new BouncyCastleProvider()); try { JoseHeaders outHeaders = new JoseHeaders(); - outHeaders.setAlgorithm(JoseConstants.PS_SHA_256_ALGO); + outHeaders.setAlgorithm(AlgorithmUtils.PS_SHA_256_ALGO); JwsCompactProducer producer = initSpecJwtTokenWriter(outHeaders); PrivateKey privateKey = CryptoUtils.getRSAPrivateKey(RSA_MODULUS_ENCODED, RSA_PRIVATE_EXPONENT_ENCODED); String signed = producer.signWith( - new PrivateKeyJwsSignatureProvider(privateKey, JoseConstants.PS_SHA_256_ALGO)); + new PrivateKeyJwsSignatureProvider(privateKey, SignatureAlgorithm.PS256)); JwsJwtCompactConsumer jws = new JwsJwtCompactConsumer(signed); RSAPublicKey key = CryptoUtils.getRSAPublicKey(RSA_MODULUS_ENCODED, RSA_PUBLIC_EXPONENT_ENCODED); - assertTrue(jws.verifySignatureWith(new PublicKeyJwsSignatureVerifier(key, - JoseConstants.PS_SHA_256_ALGO))); + assertTrue(jws.verifySignatureWith(new PublicKeyJwsSignatureVerifier(key, SignatureAlgorithm.PS256))); JwtToken token = jws.getJwtToken(); JoseHeaders inHeaders = token.getHeaders(); - assertEquals(JoseConstants.PS_SHA_256_ALGO, inHeaders.getAlgorithm()); + assertEquals(AlgorithmUtils.PS_SHA_256_ALGO, inHeaders.getAlgorithm()); validateSpecClaim(token.getClaims()); } finally { Security.removeProvider(BouncyCastleProvider.class.getName()); @@ -238,11 +238,11 @@ public class JwsCompactReaderWriterTest extends Assert { @Test public void testWriteReadJwsSignedByESPrivateKey() throws Exception { JoseHeaders headers = new JoseHeaders(); - headers.setAlgorithm(Algorithm.SHA256withECDSA.getJwtName()); + headers.setAlgorithm(SignatureAlgorithm.ES256.getJwaName()); JwsCompactProducer jws = initSpecJwtTokenWriter(headers); ECPrivateKey privateKey = CryptoUtils.getECPrivateKey(JsonWebKey.EC_CURVE_P256, EC_PRIVATE_KEY_ENCODED); - jws.signWith(new EcDsaJwsSignatureProvider(privateKey, Algorithm.SHA256withECDSA.getJwtName())); + jws.signWith(new EcDsaJwsSignatureProvider(privateKey, SignatureAlgorithm.ES256)); String signedJws = jws.getSignedEncodedJws(); ECPublicKey publicKey = CryptoUtils.getECPublicKey(JsonWebKey.EC_CURVE_P256, @@ -250,10 +250,10 @@ public class JwsCompactReaderWriterTest extends Assert { EC_Y_POINT_ENCODED); JwsJwtCompactConsumer jwsConsumer = new JwsJwtCompactConsumer(signedJws); assertTrue(jwsConsumer.verifySignatureWith(new EcDsaJwsSignatureVerifier(publicKey, - Algorithm.SHA256withECDSA.getJwtName()))); + SignatureAlgorithm.ES256))); JwtToken token = jwsConsumer.getJwtToken(); JoseHeaders headersReceived = token.getHeaders(); - assertEquals(Algorithm.SHA256withECDSA.getJwtName(), headersReceived.getAlgorithm()); + assertEquals(SignatureAlgorithm.ES256.getJwaName(), headersReceived.getAlgorithm()); validateSpecClaim(token.getClaims()); } @@ -261,11 +261,10 @@ public class JwsCompactReaderWriterTest extends Assert { public void testReadJwsSignedByPrivateKey() throws Exception { JwsJwtCompactConsumer jws = new JwsJwtCompactConsumer(ENCODED_TOKEN_SIGNED_BY_PRIVATE_KEY); RSAPublicKey key = CryptoUtils.getRSAPublicKey(RSA_MODULUS_ENCODED, RSA_PUBLIC_EXPONENT_ENCODED); - assertTrue(jws.verifySignatureWith(new PublicKeyJwsSignatureVerifier(key, - JoseConstants.RS_SHA_256_ALGO))); + assertTrue(jws.verifySignatureWith(new PublicKeyJwsSignatureVerifier(key, SignatureAlgorithm.RS256))); JwtToken token = jws.getJwtToken(); JoseHeaders headers = token.getHeaders(); - assertEquals(Algorithm.SHA256withRSA.getJwtName(), headers.getAlgorithm()); + assertEquals(SignatureAlgorithm.RS256.getJwaName(), headers.getAlgorithm()); validateSpecClaim(token.getClaims()); } http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducerTest.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducerTest.java b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducerTest.java index fa94e46..00b8ed7 100644 --- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducerTest.java +++ b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducerTest.java @@ -17,8 +17,9 @@ * under the License. */ package org.apache.cxf.rs.security.jose.jws; -import org.apache.cxf.rs.security.jose.JoseConstants; import org.apache.cxf.rs.security.jose.JoseHeaders; +import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; +import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm; import org.junit.Assert; import org.junit.Test; @@ -72,10 +73,9 @@ public class JwsJsonProducerTest extends Assert { public void testSignWithProtectedHeaderOnly() { JwsJsonProducer producer = new JwsJsonProducer(UNSIGNED_PLAIN_JSON_DOCUMENT); JoseHeaders headerEntries = new JoseHeaders(); - headerEntries.setAlgorithm(JoseConstants.HMAC_SHA_256_ALGO); + headerEntries.setAlgorithm(AlgorithmUtils.HMAC_SHA_256_ALGO); - producer.signWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY_1, - JoseConstants.HMAC_SHA_256_ALGO), + producer.signWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY_1, SignatureAlgorithm.HS256), headerEntries); assertEquals(SIGNED_JWS_JSON_DOCUMENT, producer.getJwsJsonSignedDocument()); @@ -84,10 +84,9 @@ public class JwsJsonProducerTest extends Assert { public void testSignWithProtectedHeaderOnlyFlat() { JwsJsonProducer producer = new JwsJsonProducer(UNSIGNED_PLAIN_JSON_DOCUMENT, true); JoseHeaders headerEntries = new JoseHeaders(); - headerEntries.setAlgorithm(JoseConstants.HMAC_SHA_256_ALGO); + headerEntries.setAlgorithm(AlgorithmUtils.HMAC_SHA_256_ALGO); - producer.signWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY_1, - JoseConstants.HMAC_SHA_256_ALGO), + producer.signWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY_1, SignatureAlgorithm.HS256), headerEntries); assertEquals(SIGNED_JWS_JSON_FLAT_DOCUMENT, producer.getJwsJsonSignedDocument()); @@ -96,13 +95,11 @@ public class JwsJsonProducerTest extends Assert { public void testDualSignWithProtectedHeaderOnly() { JwsJsonProducer producer = new JwsJsonProducer(UNSIGNED_PLAIN_JSON_DOCUMENT); JoseHeaders headerEntries = new JoseHeaders(); - headerEntries.setAlgorithm(JoseConstants.HMAC_SHA_256_ALGO); + headerEntries.setAlgorithm(AlgorithmUtils.HMAC_SHA_256_ALGO); - producer.signWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY_1, - JoseConstants.HMAC_SHA_256_ALGO), + producer.signWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY_1, SignatureAlgorithm.HS256), headerEntries); - producer.signWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY_2, - JoseConstants.HMAC_SHA_256_ALGO), + producer.signWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY_2, SignatureAlgorithm.HS256), headerEntries); assertEquals(DUAL_SIGNED_JWS_JSON_DOCUMENT, producer.getJwsJsonSignedDocument()); http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java index a318c2c..7347229 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java @@ -30,7 +30,7 @@ import org.apache.cxf.common.util.crypto.CryptoUtils; import org.apache.cxf.helpers.CastUtils; import org.apache.cxf.jaxrs.impl.MetadataMap; import org.apache.cxf.jaxrs.provider.json.JsonMapObjectReaderWriter; -import org.apache.cxf.rs.security.jose.JoseConstants; +import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; import org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider; import org.apache.cxf.rs.security.jose.jwe.JweUtils; import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer; @@ -106,7 +106,7 @@ public class JwtRequestCodeFilter implements AuthorizationCodeRequestFilter { } if (decryptWithClientSecret) { SecretKey key = CryptoUtils.decodeSecretKey(c.getClientSecret()); - return JweUtils.getDirectKeyJweDecryption(key, JoseConstants.A128GCM_ALGO); + return JweUtils.getDirectKeyJweDecryption(key, AlgorithmUtils.A128GCM_ALGO); } return JweUtils.loadDecryptionProvider(false); } @@ -116,12 +116,12 @@ public class JwtRequestCodeFilter implements AuthorizationCodeRequestFilter { } if (verifyWithClientSecret) { byte[] hmac = CryptoUtils.decodeSequence(c.getClientSecret()); - return JwsUtils.getHmacSignatureVerifier(hmac, JoseConstants.HMAC_SHA_256_ALGO); + return JwsUtils.getHmacSignatureVerifier(hmac, AlgorithmUtils.HMAC_SHA_256_ALGO); } else if (verifyWithClientCertificates) { X509Certificate cert = (X509Certificate)CryptoUtils.decodeCertificate(c.getApplicationCertificates().get(0)); return JwsUtils.getRSAKeySignatureVerifier((RSAPublicKey)cert.getPublicKey(), - JoseConstants.RS_SHA_256_ALGO); + AlgorithmUtils.RS_SHA_256_ALGO); } return JwsUtils.loadSignatureVerifier(true); } http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeGrant.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeGrant.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeGrant.java index 79f6b89..77a63b9 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeGrant.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeGrant.java @@ -26,7 +26,7 @@ import javax.ws.rs.core.MultivaluedMap; import org.apache.cxf.common.util.StringUtils; import org.apache.cxf.common.util.crypto.CryptoUtils; import org.apache.cxf.jaxrs.impl.MetadataMap; -import org.apache.cxf.rs.security.jose.JoseConstants; +import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; import org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider; import org.apache.cxf.rs.security.jose.jwe.JweUtils; import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer; @@ -78,7 +78,7 @@ public class JwtRequestCodeGrant extends AuthorizationCodeGrant { } if (signWithClientSecret) { byte[] hmac = CryptoUtils.decodeSequence(clientSecret); - return JwsUtils.getHmacSignatureProvider(hmac, JoseConstants.HMAC_SHA_256_ALGO); + return JwsUtils.getHmacSignatureProvider(hmac, AlgorithmUtils.HMAC_SHA_256_ALGO); } else { return JwsUtils.loadSignatureProvider(true); } @@ -113,7 +113,7 @@ public class JwtRequestCodeGrant extends AuthorizationCodeGrant { } if (encryptWithClientSecret) { SecretKey key = CryptoUtils.decodeSecretKey(clientSecret); - return JweUtils.getDirectKeyJweEncryption(key, JoseConstants.A128GCM_ALGO); + return JweUtils.getDirectKeyJweEncryption(key, AlgorithmUtils.A128GCM_ALGO); } else { return JweUtils.loadEncryptionProvider(false); } http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/jwt/JwtAccessTokenUtils.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/jwt/JwtAccessTokenUtils.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/jwt/JwtAccessTokenUtils.java index ca2d1ab..6cd5f30 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/jwt/JwtAccessTokenUtils.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/jwt/JwtAccessTokenUtils.java @@ -24,8 +24,8 @@ import java.security.interfaces.RSAPublicKey; import javax.crypto.SecretKey; import org.apache.cxf.common.util.StringUtils; -import org.apache.cxf.rs.security.jose.JoseConstants; -import org.apache.cxf.rs.security.jose.jwa.Algorithm; +import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; +import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm; import org.apache.cxf.rs.security.jose.jwe.JweDecryption; import org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider; import org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider; @@ -51,7 +51,7 @@ public final class JwtAccessTokenUtils { Client client, SecretKey key) { JweEncryptionProvider jweEncryption = - JweUtils.getDirectKeyJweEncryption(key, Algorithm.A128GCM.getJwtName()); + JweUtils.getDirectKeyJweEncryption(key, ContentAlgorithm.A128GCM.getJwaName()); return encryptToAccessToken(jwt, client, jweEncryption); } @@ -75,7 +75,7 @@ public final class JwtAccessTokenUtils { return new BearerAccessToken(client, tokenId, issuedAt, expiresIn); } public static JwtToken decryptFromfromAccessToken(String tokenId, SecretKey key) { - JweDecryption jweDecryption = JweUtils.getDirectKeyJweDecryption(key, Algorithm.A128GCM.getJwtName()); + JweDecryption jweDecryption = JweUtils.getDirectKeyJweDecryption(key, ContentAlgorithm.A128GCM.getJwaName()); return decryptFromAccessToken(tokenId, jweDecryption); } public static JwtToken decryptFromAccessToken(String tokenId, JweDecryptionProvider jweDecryption) { @@ -87,7 +87,7 @@ public final class JwtAccessTokenUtils { Client client, RSAPrivateKey key) { JwsSignatureProvider jws = - JwsUtils.getRSAKeySignatureProvider(key, JoseConstants.RS_SHA_256_ALGO); + JwsUtils.getRSAKeySignatureProvider(key, AlgorithmUtils.RS_SHA_256_ALGO); return signToAccessToken(jwt, client, jws); } @@ -98,7 +98,7 @@ public final class JwtAccessTokenUtils { return toAccessToken(jwt, client, jwtString); } public static JwtToken verifyAccessToken(String tokenId, RSAPublicKey key) { - JwsSignatureVerifier jws = JwsUtils.getRSAKeySignatureVerifier(key, JoseConstants.RS_SHA_256_ALGO); + JwsSignatureVerifier jws = JwsUtils.getRSAKeySignatureVerifier(key, AlgorithmUtils.RS_SHA_256_ALGO); return verifyAccessToken(tokenId, jws); } public static JwtToken verifyAccessToken(String tokenId, JwsSignatureVerifier jws) { http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/AbstractJwsJweProducer.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/AbstractJwsJweProducer.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/AbstractJwsJweProducer.java index dfbf8b6..5f8bd8c 100644 --- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/AbstractJwsJweProducer.java +++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/AbstractJwsJweProducer.java @@ -24,7 +24,7 @@ import java.security.interfaces.RSAPublicKey; import javax.crypto.SecretKey; import org.apache.cxf.common.util.crypto.CryptoUtils; -import org.apache.cxf.rs.security.jose.JoseConstants; +import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; import org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider; import org.apache.cxf.rs.security.jose.jwe.JweUtils; import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider; @@ -48,7 +48,7 @@ public abstract class AbstractJwsJweProducer { if (signWithClientSecret) { byte[] hmac = CryptoUtils.decodeSequence(c.getClientSecret()); - return JwsUtils.getHmacSignatureProvider(hmac, JoseConstants.HMAC_SHA_256_ALGO); + return JwsUtils.getHmacSignatureProvider(hmac, AlgorithmUtils.HMAC_SHA_256_ALGO); } else { return JwsUtils.loadSignatureProvider(required); } @@ -60,13 +60,13 @@ public abstract class AbstractJwsJweProducer { JweEncryptionProvider theEncryptionProvider = null; if (encryptWithClientSecret) { SecretKey key = CryptoUtils.decodeSecretKey(c.getClientSecret()); - theEncryptionProvider = JweUtils.getDirectKeyJweEncryption(key, JoseConstants.A128GCM_ALGO); + theEncryptionProvider = JweUtils.getDirectKeyJweEncryption(key, AlgorithmUtils.A128GCM_ALGO); } else if (encryptWithClientCertificates) { X509Certificate cert = (X509Certificate)CryptoUtils.decodeCertificate(c.getApplicationCertificates().get(0)); theEncryptionProvider = JweUtils.createJweEncryptionProvider((RSAPublicKey)cert.getPublicKey(), - JoseConstants.RSA_OAEP_ALGO, - JoseConstants.A128GCM_ALGO, + AlgorithmUtils.RSA_OAEP_ALGO, + AlgorithmUtils.A128GCM_ALGO, null); } if (theEncryptionProvider == null) { http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/BookServer.java ---------------------------------------------------------------------- diff --git a/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/BookServer.java b/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/BookServer.java index 8fd0743..be25b8f 100644 --- a/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/BookServer.java +++ b/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/BookServer.java @@ -67,7 +67,6 @@ public class BookServer extends AbstractBusTestServerBase { JAXRSServerFactoryBean sf = new JAXRSServerFactoryBean(); sf.setBus(bus); sf.setResourceClasses(BookStore.class, SimpleBookStore.class, BookStorePerRequest.class); - sf.getInInterceptors().add(new LoggingInInterceptor()); List<Object> providers = new ArrayList<Object>(); //default lifecycle is per-request, change it to singleton @@ -94,6 +93,8 @@ public class BookServer extends AbstractBusTestServerBase { sf.setProviders(providers); List<Interceptor<? extends Message>> inInts = new ArrayList<Interceptor<? extends Message>>(); inInts.add(new CustomInFaultyInterceptor()); + inInts.add(new LoggingInInterceptor()); + sf.setInInterceptors(inInts); List<Interceptor<? extends Message>> outInts = new ArrayList<Interceptor<? extends Message>>(); outInts.add(new CustomOutInterceptor()); http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/JAXRSClientServerBookTest.java ---------------------------------------------------------------------- diff --git a/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/JAXRSClientServerBookTest.java b/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/JAXRSClientServerBookTest.java index c4863f6..31b2a85 100644 --- a/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/JAXRSClientServerBookTest.java +++ b/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/JAXRSClientServerBookTest.java @@ -551,6 +551,7 @@ public class JAXRSClientServerBookTest extends AbstractBusClientServerTestBase { String endpointAddress = "http://localhost:"; + PORT + "/bookstore/collections3"; WebClient wc = WebClient.create(endpointAddress); + WebClient.getConfig(wc).getHttpConduit().getClient().setReceiveTimeout(1000000); wc.accept("application/xml").type("application/xml"); Book b1 = new Book("CXF in Action", 123L); Book b2 = new Book("CXF Rocks", 124L); http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java ---------------------------------------------------------------------- diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java index 976fde0..39726e5 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java @@ -39,7 +39,10 @@ import org.apache.cxf.rs.security.jose.jaxrs.JweWriterInterceptor; import org.apache.cxf.rs.security.jose.jaxrs.JwsClientResponseFilter; import org.apache.cxf.rs.security.jose.jaxrs.JwsWriterInterceptor; import org.apache.cxf.rs.security.jose.jaxrs.PrivateKeyPasswordProvider; -import org.apache.cxf.rs.security.jose.jwa.Algorithm; +import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; +import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm; +import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm; +import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm; import org.apache.cxf.rs.security.jose.jwe.AesCbcHmacJweDecryption; import org.apache.cxf.rs.security.jose.jwe.AesCbcHmacJweEncryption; import org.apache.cxf.rs.security.jose.jwe.AesWrapKeyDecryptionAlgorithm; @@ -72,7 +75,7 @@ public class JAXRSJweJwsTest extends AbstractBusClientServerTestBase { private static void registerBouncyCastleIfNeeded() throws Exception { try { // Java 8 apparently has it - Cipher.getInstance(Algorithm.AES_GCM_ALGO_JAVA); + Cipher.getInstance(AlgorithmUtils.AES_GCM_ALGO_JAVA); } catch (Throwable t) { // Oracle Java 7 Security.addProvider(new BouncyCastleProvider()); @@ -232,7 +235,7 @@ public class JAXRSJweJwsTest extends AbstractBusClientServerTestBase { public void testJweRsaJwsPlainTextHMac() throws Exception { String address = "https://localhost:"; + PORT + "/jwejwshmac"; HmacJwsSignatureProvider hmacProvider = - new HmacJwsSignatureProvider(ENCODED_MAC_KEY, Algorithm.HmacSHA256.getJwtName()); + new HmacJwsSignatureProvider(ENCODED_MAC_KEY, SignatureAlgorithm.HS256); BookStore bs = createJweJwsBookStore(address, hmacProvider, null); String text = bs.echoText("book"); assertEquals("book", text); @@ -241,7 +244,7 @@ public class JAXRSJweJwsTest extends AbstractBusClientServerTestBase { public void testJweRsaJwsBookHMac() throws Exception { String address = "https://localhost:"; + PORT + "/jwejwshmac"; HmacJwsSignatureProvider hmacProvider = - new HmacJwsSignatureProvider(ENCODED_MAC_KEY, Algorithm.HmacSHA256.getJwtName()); + new HmacJwsSignatureProvider(ENCODED_MAC_KEY, SignatureAlgorithm.HS256); BookStore bs = createJweJwsBookStore(address, hmacProvider, Collections.singletonList(new JacksonJsonProvider())); Book book = bs.echoBook(new Book("book", 123L)); @@ -388,8 +391,8 @@ public class JAXRSJweJwsTest extends AbstractBusClientServerTestBase { final String cekEncryptionKey = "GawgguFyGrWKav7AX4VKUg"; AesWrapKeyEncryptionAlgorithm keyEncryption = - new AesWrapKeyEncryptionAlgorithm(cekEncryptionKey, Algorithm.A128KW.getJwtName()); - jweWriter.setEncryptionProvider(new AesCbcHmacJweEncryption(Algorithm.A128CBC_HS256.getJwtName(), + new AesWrapKeyEncryptionAlgorithm(cekEncryptionKey, KeyAlgorithm.A128KW); + jweWriter.setEncryptionProvider(new AesCbcHmacJweEncryption(ContentAlgorithm.A128CBC_HS256, keyEncryption)); // reader http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJwsJsonTest.java ---------------------------------------------------------------------- diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJwsJsonTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJwsJsonTest.java index 45602d9..989d1ab 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJwsJsonTest.java +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJwsJsonTest.java @@ -40,7 +40,7 @@ import org.apache.cxf.rs.security.jose.jaxrs.JweClientResponseFilter; import org.apache.cxf.rs.security.jose.jaxrs.JweWriterInterceptor; import org.apache.cxf.rs.security.jose.jaxrs.JwsJsonClientResponseFilter; import org.apache.cxf.rs.security.jose.jaxrs.JwsJsonWriterInterceptor; -import org.apache.cxf.rs.security.jose.jwa.Algorithm; +import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; import org.apache.cxf.systest.jaxrs.security.Book; import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase; import org.bouncycastle.jce.provider.BouncyCastleProvider; @@ -62,7 +62,7 @@ public class JAXRSJwsJsonTest extends AbstractBusClientServerTestBase { private static void registerBouncyCastleIfNeeded() throws Exception { try { // Java 8 apparently has it - Cipher.getInstance(Algorithm.AES_GCM_ALGO_JAVA); + Cipher.getInstance(AlgorithmUtils.AES_GCM_ALGO_JAVA); } catch (Throwable t) { // Oracle Java 7 Security.addProvider(new BouncyCastleProvider()); http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml ---------------------------------------------------------------------- diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml index bd81abb..3e5e1d3 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml @@ -42,7 +42,7 @@ under the License. <bean id="jweOutFilter" class="org.apache.cxf.rs.security.jose.jaxrs.JweWriterInterceptor"/> <bean id="aesWrapEncryptionAlgo" class="org.apache.cxf.rs.security.jose.jwe.AesWrapKeyEncryptionAlgorithm"> - <constructor-arg value="GawgguFyGrWKav7AX4VKUg"/> + <constructor-arg type="java.lang.String" value="GawgguFyGrWKav7AX4VKUg"/> <constructor-arg value="A128KW"/> </bean> <bean id="aesCbcHmacEncryption" class="org.apache.cxf.rs.security.jose.jwe.AesCbcHmacJweEncryption"> @@ -65,7 +65,7 @@ under the License. </bean> <bean id="hmacSigVerifier" class="org.apache.cxf.rs.security.jose.jws.HmacJwsSignatureVerifier"> - <constructor-arg value="AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow"/> + <constructor-arg type="java.lang.String" value="AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow"/> <constructor-arg value="HS256"/> </bean> <bean id="jwsHmacInFilter" class="org.apache.cxf.rs.security.jose.jaxrs.JwsContainerRequestFilter">
