Repository: cxf Updated Branches: refs/heads/3.0.x-fixes e17409d6b -> 9db0b6856
Prototyping the code for supporting JWS in header key ids Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/9db0b685 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/9db0b685 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/9db0b685 Branch: refs/heads/3.0.x-fixes Commit: 9db0b685641ffb18c4718d35d15f7a307a332e07 Parents: e17409d Author: Sergey Beryozkin <[email protected]> Authored: Wed Jun 10 13:32:18 2015 +0100 Committer: Sergey Beryozkin <[email protected]> Committed: Wed Jun 10 13:33:43 2015 +0100 ---------------------------------------------------------------------- .../security/jose/jaxrs/KeyManagementUtils.java | 3 ++ .../cxf/rs/security/jose/jwe/JweUtils.java | 10 ++++-- .../cxf/rs/security/jose/jwk/JsonWebKey.java | 4 +-- .../cxf/rs/security/jose/jwk/JsonWebKeys.java | 2 +- .../cxf/rs/security/jose/jwk/JwkUtils.java | 36 +++++++++++++++----- .../cxf/rs/security/jose/jws/JwsUtils.java | 30 ++++++++++------ .../jose/cookbook/JwkJoseCookBookTest.java | 8 ++--- .../rs/security/jose/jwk/JsonWebKeyTest.java | 8 ++--- .../jaxrs/security/jwt/JAXRSJweJwsTest.java | 20 ++++++++++- 9 files changed, 88 insertions(+), 33 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/9db0b685/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/KeyManagementUtils.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/KeyManagementUtils.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/KeyManagementUtils.java index 9a4078e..4bbc43e 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/KeyManagementUtils.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/KeyManagementUtils.java 
@@ -70,6 +70,8 @@ public final class KeyManagementUtils { public static final String RSSEC_DECRYPT_KEY_PSWD_PROVIDER = "rs.security.decryption.key.password.provider"; public static final String RSSEC_DEFAULT_ALGORITHMS = "rs.security.default.algorithms"; public static final String RSSEC_REPORT_KEY_PROP = "rs.security.report.public.key"; + public static final String RSSEC_REPORT_KEY_ID_PROP = "rs.security.report.public.key.id"; + public static final String RSSEC_ACCEPT_PUBLIC_KEY_PROP = "rs.security.accept.public.key.properties"; private static final Logger LOG = LogUtils.getL7dLogger(KeyManagementUtils.class); private KeyManagementUtils() { @@ -272,6 +274,7 @@ public final class KeyManagementUtils { return null; } } + //TODO: enhance the certificate validation code public static void validateCertificateChain(Properties storeProperties, List<X509Certificate> inCerts) { KeyStore ks = loadPersistKeyStore(JAXRSUtils.getCurrentMessage(), storeProperties); validateCertificateChain(ks, inCerts); http://git-wip-us.apache.org/repos/asf/cxf/blob/9db0b685/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java index fd837d8..1c2c9d6 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java 
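Review bot: `RSSEC_ACCEPT_PUBLIC_KEY_PROP` in the first KeyManagementUtils hunk is a boolean switch, but its value `rs.security.accept.public.key.properties` ends in `.properties`, a suffix the other keys on this page use for a properties location (`rs.security.signature.in.properties`), so it is easy to misconfigure. The constant also has no comment, although the JwkUtils and JwsUtils hunks of this commit read it with `true` passed as the default to decide whether `kid` and `jwk` values from an inbound JOSE header are honoured. I would add a comment such as `// Boolean; when true, 'kid' and 'jwk' values from inbound JOSE headers may select or supply the verification key` and reconsider the suffix before the key name is released. The class body continues outside the hunk.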
@@ -59,6 +59,7 @@ public final class JweUtils { private static final String RSSEC_ENCRYPTION_IN_PROPS = "rs.security.encryption.in.properties"; private static final String RSSEC_ENCRYPTION_PROPS = "rs.security.encryption.properties"; private static final String RSSEC_ENCRYPTION_REPORT_KEY_PROP = "rs.security.jwe.report.public.key"; + private static final String RSSEC_ENCRYPTION_REPORT_KEY_ID_PROP = "rs.security.jwe.report.public.key.id"; private JweUtils() { @@ -265,6 +266,10 @@ public final class JweUtils { headers != null && MessageUtils.isTrue( MessageUtils.getContextualProperty(m, RSSEC_ENCRYPTION_REPORT_KEY_PROP, KeyManagementUtils.RSSEC_REPORT_KEY_PROP)); + boolean reportPublicKeyId = + headers != null && MessageUtils.isTrue( + MessageUtils.getContextualProperty(m, RSSEC_ENCRYPTION_REPORT_KEY_ID_PROP, + KeyManagementUtils.RSSEC_REPORT_KEY_ID_PROP)); KeyEncryptionProvider keyEncryptionProvider = null; String keyEncryptionAlgo = getKeyEncryptionAlgo(m, props, null, null); @@ -279,8 +284,9 @@ public final class JweUtils { ctEncryptionProvider = getContentEncryptionAlgorithm(jwk, contentEncryptionAlgo); } else { keyEncryptionProvider = getKeyEncryptionProvider(jwk, keyEncryptionAlgo); - if (reportPublicKey) { - JwkUtils.setPublicKeyInfo(jwk, headers, keyEncryptionAlgo); + if (reportPublicKey || reportPublicKeyId) { + JwkUtils.setPublicKeyInfo(jwk, headers, keyEncryptionAlgo, + reportPublicKey, reportPublicKeyId); } } } else { http://git-wip-us.apache.org/repos/asf/cxf/blob/9db0b685/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKey.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKey.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKey.java index e723ef3..4252add 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKey.java 
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKey.java
@@ -108,11 +108,11 @@ public class JsonWebKey extends JsonMapObject {
 return (String)getProperty(KEY_ALGO);
 }
- public void setKid(String kid) {
+ public void setKeyId(String kid) {
 setProperty(KEY_ID, kid);
 }
- public String getKid() {
+ public String getKeyId() {
 return (String)getProperty(KEY_ID);
 }
http://git-wip-us.apache.org/repos/asf/cxf/blob/9db0b685/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeys.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeys.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeys.java
index 29ea88a..e7410ae 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeys.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeys.java
@@ -60,7 +60,7 @@ public class JsonWebKeys extends JsonMapObject {
 }
 Map<String, JsonWebKey> map = new LinkedHashMap<String, JsonWebKey>();
 for (JsonWebKey key : keys) {
- String kid = key.getKid();
+ String kid = key.getKeyId();
 if (kid != null) {
 map.put(kid, key);
 }
http://git-wip-us.apache.org/repos/asf/cxf/blob/9db0b685/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
index 9dcd0fe..3544779 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
@@ -42,6 +42,7 @@ import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.helpers.IOUtils;
 import org.apache.cxf.jaxrs.utils.ResourceUtils;
 import org.apache.cxf.message.Message;
+import org.apache.cxf.message.MessageUtils;
 import org.apache.cxf.rs.security.jose.JoseConstants;
 import org.apache.cxf.rs.security.jose.JoseHeaders;
 import org.apache.cxf.rs.security.jose.JoseUtils;
@@ -262,14 +263,22 @@ public final class JwkUtils {
 }
 }
 public static JsonWebKey loadJsonWebKey(Message m, Properties props, String keyOper) {
- return loadJsonWebKey(m, props, keyOper, new DefaultJwkReaderWriter());
+ return loadJsonWebKey(m, props, keyOper, null);
 }
-
- public static JsonWebKey loadJsonWebKey(Message m, Properties props, String keyOper, JwkReaderWriter reader) {
+ public static JsonWebKey loadJsonWebKey(Message m, Properties props, String keyOper, String inHeaderKid) {
+ return loadJsonWebKey(m, props, keyOper, inHeaderKid, new DefaultJwkReaderWriter());
+ }
+ public static JsonWebKey loadJsonWebKey(Message m, Properties props, String keyOper, String inHeaderKid,
+ JwkReaderWriter reader) {
 PrivateKeyPasswordProvider cb = KeyManagementUtils.loadPasswordProvider(m, props, keyOper);
 JsonWebKeys jwkSet = loadJwkSet(m, props, cb, reader);
- String kid =
- KeyManagementUtils.getKeyId(m, props, KeyManagementUtils.RSSEC_KEY_STORE_ALIAS, keyOper);
+ String kid = null;
+ if (inHeaderKid != null
+ && MessageUtils.getContextualBoolean(m, KeyManagementUtils.RSSEC_ACCEPT_PUBLIC_KEY_PROP, true)) {
+ kid = inHeaderKid;
+ } else {
+ kid = KeyManagementUtils.getKeyId(m, props, KeyManagementUtils.RSSEC_KEY_STORE_ALIAS, keyOper);
+ }
 if (kid != null) {
 return jwkSet.getKey(kid);
 } else if (keyOper != null) {
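Review bot: In the `loadJsonWebKey` hunk the `kid` from the inbound header overrides the configured alias whenever the accept flag is true, and `true` is passed as the default, so out of the box the sender picks which entry of the local JWK set is used. The `jwkSet.getKey(kid)` result is returned without being compared with `keyOper`, so a header kid can apparently select a key that was stored for a different operation or party; the operation only seems to be consulted in the `else if (keyOper != null)` branch. I would make the override opt-in, `&& MessageUtils.getContextualBoolean(m, KeyManagementUtils.RSSEC_ACCEPT_PUBLIC_KEY_PROP, false)) {`, and reject a kid-selected key that does not permit `keyOper`. The method body continues past the end of the hunk, so a later check may exist there.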
@@ -460,15 +469,24 @@ public final class JwkUtils {
 private static JweHeaders toJweHeaders(String ct) {
 return new JweHeaders(Collections.<String, Object>singletonMap(JoseConstants.HEADER_CONTENT_TYPE, ct));
 }
- public static void setPublicKeyInfo(JsonWebKey jwk, JoseHeaders headers, String algo) {
- if (JsonWebKey.KEY_TYPE_RSA.equals(jwk.getKeyType())) {
+ public static void setPublicKeyInfo(JsonWebKey jwk, JoseHeaders headers, String algo,
+ boolean reportPublicKey, boolean reportPublicKeyId) {
+ if (reportPublicKey && JsonWebKey.KEY_TYPE_RSA.equals(jwk.getKeyType())) {
 List<String> chain = CastUtils.cast((List<?>)jwk.getProperty("x5c"));
+ //TODO: if needed the chain can be reported as part of a 'jwk' property
 if (chain != null) {
 headers.setX509Chain(chain);
 } else {
- headers.setJsonWebKey(
- JwkUtils.fromRSAPublicKey(JwkUtils.toRSAPublicKey(jwk), algo));
+ JsonWebKey jwkPublic = JwkUtils.fromRSAPublicKey(JwkUtils.toRSAPublicKey(jwk), algo);
+ if (reportPublicKeyId && jwk.getKeyId() != null) {
+ jwkPublic.setKeyId(jwk.getKeyId());
+ }
+ headers.setJsonWebKey(jwkPublic);
 }
 }
+ if (reportPublicKeyId && jwk.getKeyId() != null) {
+ headers.setKeyId(jwk.getKeyId());
+ }
+
 }
 }
http://git-wip-us.apache.org/repos/asf/cxf/blob/9db0b685/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
index 42afdcf..0b8f1ca 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
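Review bot: `setPublicKeyInfo` changes its public signature in place, so callers compiled against the three-argument form break, and the page shows this commit going to `3.0.x-fixes`. Keeping the old form as a delegate, `public static void setPublicKeyInfo(JsonWebKey jwk, JoseHeaders headers, String algo) { setPublicKeyInfo(jwk, headers, algo, true, false); }`, would preserve the previous behaviour. The new method also deserves a Javadoc stating that `reportPublicKey` only has an effect for RSA keys while `reportPublicKeyId` copies the kid into the headers for any key type, because that asymmetry decides what key information leaves in outgoing headers.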
@@ -54,7 +54,8 @@ public final class JwsUtils { private static final String RSSEC_SIGNATURE_OUT_PROPS = "rs.security.signature.out.properties"; private static final String RSSEC_SIGNATURE_IN_PROPS = "rs.security.signature.in.properties"; private static final String RSSEC_SIGNATURE_PROPS = "rs.security.signature.properties"; - private static final String JSON_WEB_SIGNATURE_REPORT_KEY_PROP = "rs.security.jws.report.public.key"; + private static final String RSSEC_REPORT_KEY_PROP = "rs.security.jws.report.public.key"; + private static final String RSSEC_REPORT_KEY_ID_PROP = "rs.security.jws.report.public.key.id"; private JwsUtils() { } @@ -256,18 +257,22 @@ public final class JwsUtils { Properties props, JoseHeaders headers, boolean ignoreNullProvider) { - JwsSignatureProvider theSigProvider = null; - boolean reportPublicKey = + JwsSignatureProvider theSigProvider = null; + + boolean reportPublicKey = headers != null && MessageUtils.isTrue( + MessageUtils.getContextualProperty(m, RSSEC_REPORT_KEY_PROP, + KeyManagementUtils.RSSEC_REPORT_KEY_PROP)); + boolean reportPublicKeyId = headers != null && MessageUtils.isTrue( - MessageUtils.getContextualProperty(m, JSON_WEB_SIGNATURE_REPORT_KEY_PROP, - KeyManagementUtils.RSSEC_REPORT_KEY_PROP)); + MessageUtils.getContextualProperty(m, RSSEC_REPORT_KEY_ID_PROP, + KeyManagementUtils.RSSEC_REPORT_KEY_ID_PROP)); if (JwkUtils.JWK_KEY_STORE_TYPE.equals(props.get(KeyManagementUtils.RSSEC_KEY_STORE_TYPE))) { JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, JsonWebKey.KEY_OPER_SIGN); if (jwk != null) { String signatureAlgo = getSignatureAlgo(m, props, jwk.getAlgorithm(), getDefaultKeyAlgo(jwk)); theSigProvider = JwsUtils.getSignatureProvider(jwk, signatureAlgo); - if (reportPublicKey) { - JwkUtils.setPublicKeyInfo(jwk, headers, signatureAlgo); + if (reportPublicKey || reportPublicKeyId) { + JwkUtils.setPublicKeyInfo(jwk, headers, signatureAlgo, reportPublicKey, reportPublicKeyId); } } } else { 
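Review bot: The renamed private constant `RSSEC_REPORT_KEY_PROP` in the `@@ -54` hunk now shares its identifier with `KeyManagementUtils.RSSEC_REPORT_KEY_PROP` while holding a different value (`rs.security.jws.report.public.key` against `rs.security.report.public.key`), and the two appear side by side in the `getContextualProperty` call of the `@@ -256` hunk. Someone auditing which switch puts key material into outgoing headers can easily mistake one for the other. Names in the style of the neighbouring constants, for example `RSSEC_SIGNATURE_REPORT_KEY_PROP` and `RSSEC_SIGNATURE_REPORT_KEY_ID_PROP`, would mirror what JweUtils does with `RSSEC_ENCRYPTION_REPORT_KEY_PROP`.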
@@ -289,11 +294,16 @@ public final class JwsUtils { JoseHeaders inHeaders, boolean ignoreNullVerifier) { JwsSignatureVerifier theVerifier = null; + String inHeaderKid = null; if (inHeaders != null) { - //TODO: validate incoming public keys or certificates + inHeaderKid = inHeaders.getKeyId(); //TODO: optionally validate inHeaders.getAlgorithm against a property in props if (inHeaders.getHeader(JoseConstants.HEADER_JSON_WEB_KEY) != null) { JsonWebKey publicJwk = inHeaders.getJsonWebKey(); + if (inHeaderKid != null && !inHeaderKid.equals(publicJwk.getKeyId()) + || !MessageUtils.getContextualBoolean(m, KeyManagementUtils.RSSEC_ACCEPT_PUBLIC_KEY_PROP, true)) { + throw new JwsException(JwsException.Error.INVALID_KEY); + } return getSignatureVerifier(publicJwk, inHeaders.getAlgorithm()); } else if (inHeaders.getHeader(JoseConstants.HEADER_X509_CHAIN) != null) { List<X509Certificate> chain = KeyManagementUtils.toX509CertificateChain(inHeaders.getX509Chain()); @@ -303,10 +313,10 @@ public final class JwsUtils { } if (JwkUtils.JWK_KEY_STORE_TYPE.equals(props.get(KeyManagementUtils.RSSEC_KEY_STORE_TYPE))) { - JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, JsonWebKey.KEY_OPER_VERIFY); + JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, JsonWebKey.KEY_OPER_VERIFY, inHeaderKid); if (jwk != null) { String signatureAlgo = getSignatureAlgo(m, props, jwk.getAlgorithm(), getDefaultKeyAlgo(jwk)); - theVerifier = JwsUtils.getSignatureVerifier(jwk, signatureAlgo); + theVerifier = getSignatureVerifier(jwk, signatureAlgo); } } else { http://git-wip-us.apache.org/repos/asf/cxf/blob/9db0b685/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/cookbook/JwkJoseCookBookTest.java ---------------------------------------------------------------------- 
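Review bot: The key carried in the inbound `jwk` header is still passed straight to `getSignatureVerifier(publicJwk, inHeaders.getAlgorithm())` in the `@@ -289` hunk, while the `//TODO: validate incoming public keys or certificates` that recorded this gap is removed. The added check compares `inHeaderKid` with `publicJwk.getKeyId()`, but both values come from the same unauthenticated header and the accept flag is read with `true` as the default, so the signature ends up checked against a key and algorithm the sender chose, which says nothing about who signed. I would default the flag to `false` and, when it is enabled, accept the header key only if it matches a key already in the configured store (for instance by looking up the kid locally and comparing the public parameters), keeping the TODO until that exists. Because the same flag also gates the kid lookup in `JwkUtils.loadJsonWebKey`, kid-based selection cannot be enabled without also accepting embedded keys; two separate switches would be safer. The condition mixes `&&` and `||` without parentheses, and the method starts and ends outside the hunk.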
diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/cookbook/JwkJoseCookBookTest.java b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/cookbook/JwkJoseCookBookTest.java
index 68775fc..223e68c 100644
--- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/cookbook/JwkJoseCookBookTest.java
+++ b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/cookbook/JwkJoseCookBookTest.java
@@ -137,20 +137,20 @@ public class JwkJoseCookBookTest extends Assert {
 }
 private void validateSecretSignKey(JsonWebKey key) {
 assertEquals(SIGN_SECRET_VALUE, key.getProperty(JsonWebKey.OCTET_KEY_VALUE));
- assertEquals(SIGN_KID_VALUE, key.getKid());
+ assertEquals(SIGN_KID_VALUE, key.getKeyId());
 assertEquals(JsonWebKey.KEY_TYPE_OCTET, key.getKeyType());
 assertEquals(AlgorithmUtils.HMAC_SHA_256_ALGO, key.getAlgorithm());
 }
 private void validateSecretEncKey(JsonWebKey key) {
 assertEquals(ENCRYPTION_SECRET_VALUE, key.getProperty(JsonWebKey.OCTET_KEY_VALUE));
- assertEquals(ENCRYPTION_KID_VALUE, key.getKid());
+ assertEquals(ENCRYPTION_KID_VALUE, key.getKeyId());
 assertEquals(JsonWebKey.KEY_TYPE_OCTET, key.getKeyType());
 assertEquals(AlgorithmUtils.A256GCM_ALGO, key.getAlgorithm());
 }
 private void validatePublicRsaKey(JsonWebKey key) {
 assertEquals(RSA_MODULUS_VALUE, key.getProperty(JsonWebKey.RSA_MODULUS));
 assertEquals(RSA_PUBLIC_EXP_VALUE, key.getProperty(JsonWebKey.RSA_PUBLIC_EXP));
- assertEquals(RSA_KID_VALUE, key.getKid());
+ assertEquals(RSA_KID_VALUE, key.getKeyId());
 assertEquals(JsonWebKey.KEY_TYPE_RSA, key.getKeyType());
 }
 private void validatePrivateRsaKey(JsonWebKey key) {
@@ -165,7 +165,7 @@ public class JwkJoseCookBookTest extends Assert {
 private void validatePublicEcKey(JsonWebKey key) {
 assertEquals(EC_X_COORDINATE_VALUE, key.getProperty(JsonWebKey.EC_X_COORDINATE));
 assertEquals(EC_Y_COORDINATE_VALUE, key.getProperty(JsonWebKey.EC_Y_COORDINATE));
- assertEquals(EC_KID_VALUE, key.getKid());
+ assertEquals(EC_KID_VALUE, key.getKeyId());
 assertEquals(JsonWebKey.KEY_TYPE_ELLIPTIC, key.getKeyType());
 assertEquals(EC_CURVE_VALUE, key.getProperty(JsonWebKey.EC_CURVE));
 assertEquals(JsonWebKey.PUBLIC_KEY_USE_SIGN, key.getPublicKeyUse());
http://git-wip-us.apache.org/repos/asf/cxf/blob/9db0b685/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeyTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeyTest.java b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeyTest.java
index 6c0f243..f33ecbb 100644
--- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeyTest.java
+++ b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeyTest.java
@@ -182,13 +182,13 @@ public class JsonWebKeyTest extends Assert {
 private void validateSecretAesKey(JsonWebKey key) {
 assertEquals(AES_SECRET_VALUE, key.getProperty(JsonWebKey.OCTET_KEY_VALUE));
- assertEquals(AES_KID_VALUE, key.getKid());
+ assertEquals(AES_KID_VALUE, key.getKeyId());
 assertEquals(JsonWebKey.KEY_TYPE_OCTET, key.getKeyType());
 assertEquals(AlgorithmUtils.A128KW_ALGO, key.getAlgorithm());
 }
 private void validateSecretHmacKey(JsonWebKey key) {
 assertEquals(HMAC_SECRET_VALUE, key.getProperty(JsonWebKey.OCTET_KEY_VALUE));
- assertEquals(HMAC_KID_VALUE, key.getKid());
+ assertEquals(HMAC_KID_VALUE, key.getKeyId());
 assertEquals(JsonWebKey.KEY_TYPE_OCTET, key.getKeyType());
 assertEquals(AlgorithmUtils.HMAC_SHA_256_ALGO, key.getAlgorithm());
 }
@@ -196,7 +196,7 @@ public class JsonWebKeyTest extends Assert {
 private void validatePublicRsaKey(JsonWebKey key) {
 assertEquals(RSA_MODULUS_VALUE, key.getProperty(JsonWebKey.RSA_MODULUS));
 assertEquals(RSA_PUBLIC_EXP_VALUE, key.getProperty(JsonWebKey.RSA_PUBLIC_EXP));
- assertEquals(RSA_KID_VALUE, key.getKid());
+ assertEquals(RSA_KID_VALUE, key.getKeyId());
 assertEquals(JsonWebKey.KEY_TYPE_RSA, key.getKeyType());
 assertEquals(AlgorithmUtils.RS_SHA_256_ALGO, key.getAlgorithm());
 }
@@ -212,7 +212,7 @@ public class JsonWebKeyTest extends Assert {
 private void validatePublicEcKey(JsonWebKey key) {
 assertEquals(EC_X_COORDINATE_VALUE, key.getProperty(JsonWebKey.EC_X_COORDINATE));
 assertEquals(EC_Y_COORDINATE_VALUE, key.getProperty(JsonWebKey.EC_Y_COORDINATE));
- assertEquals(EC_KID_VALUE, key.getKid());
+ assertEquals(EC_KID_VALUE, key.getKeyId());
 assertEquals(JsonWebKey.KEY_TYPE_ELLIPTIC, key.getKeyType());
 assertEquals(EC_CURVE_VALUE, key.getProperty(JsonWebKey.EC_CURVE));
 assertEquals(JsonWebKey.PUBLIC_KEY_USE_ENCRYPT, key.getPublicKeyUse());
http://git-wip-us.apache.org/repos/asf/cxf/blob/9db0b685/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
index 63233d7..d8d2476 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
@@ -338,7 +338,19 @@ public class JAXRSJweJwsTest extends AbstractBusClientServerTestBase {
 }
 @Test
 public void testJwsJwkRSA() throws Exception {
- String address = "https://localhost:" + PORT + "/jwsjwkrsa";
+ doTestJwsJwkRSA("https://localhost:" + PORT + "/jwsjwkrsa", false, false);
+ }
+ @Test
+ public void testJwsJwkInHeadersRSA() throws Exception {
+ doTestJwsJwkRSA("https://localhost:" + PORT + "/jwsjwkrsa", true, true);
+ }
+ @Test
+ public void testJwsJwkKidOnlyInHeadersRSA() throws Exception {
+ doTestJwsJwkRSA("https://localhost:" + PORT + "/jwsjwkrsa", false, true);
+ }
+ private void doTestJwsJwkRSA(String address,
+ boolean reportPublicKey,
+ boolean reportPublicKeyId) throws Exception {
 JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
 SpringBusFactory bf = new SpringBusFactory();
 URL busFile = JAXRSJweJwsTest.class.getResource("client.xml");
@@ -356,6 +368,12 @@ public class JAXRSJweJwsTest extends AbstractBusClientServerTestBase {
 "org/apache/cxf/systest/jaxrs/security/alice.jwk.properties");
 bean.getProperties(true).put("rs.security.signature.in.properties",
 "org/apache/cxf/systest/jaxrs/security/bob.jwk.properties");
+ if (reportPublicKey) {
+ bean.getProperties(true).put("rs.security.report.public.key", true);
+ }
+ if (reportPublicKeyId) {
+ bean.getProperties(true).put("rs.security.report.public.key.id", true);
+ }
 BookStore bs = bean.create(BookStore.class);
 String text = bs.echoText("book");
 assertEquals("book", text);
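Review bot: The three tests in the `@@ -338` hunk only exercise the accepting path with the accept flag left at its default; none of them asserts that verification is refused. I would add cases where the header `kid` differs from the embedded key's `kid`, where the embedded key is not one the receiver already holds, and where `rs.security.accept.public.key.properties` is set to `false`, each expecting the call to fail. The combination `reportPublicKey=true, reportPublicKeyId=false` is not covered either. `doTestJwsJwkRSA` runs on into the `@@ -356` hunk and past the end of the page.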
