Fix some failing tests with WSS4J SNAPSHOT
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/7b762968 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/7b762968 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/7b762968 Branch: refs/heads/master Commit: 7b7629682d15345518e66d46e575bf1ac334cf00 Parents: 591a3ac Author: Colm O hEigeartaigh <[email protected]> Authored: Mon Nov 16 10:55:33 2015 +0000 Committer: Colm O hEigeartaigh <[email protected]> Committed: Mon Nov 16 11:35:08 2015 +0000 ---------------------------------------------------------------------- .../token/provider/JWTTokenProviderTest.java | 167 ++++++++++--------- 1 file changed, 90 insertions(+), 77 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/7b762968/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/JWTTokenProviderTest.java ---------------------------------------------------------------------- diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/JWTTokenProviderTest.java b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/JWTTokenProviderTest.java index c81f746..f49e6eb 100644 --- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/JWTTokenProviderTest.java +++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/JWTTokenProviderTest.java @@ -19,6 +19,7 @@ package org.apache.cxf.sts.token.provider; import java.security.KeyStore; +import java.security.Security; import java.security.cert.X509Certificate; import java.util.Arrays; import java.util.Properties; @@ -53,6 +54,7 @@ import org.apache.wss4j.common.crypto.CryptoType; import org.apache.wss4j.common.crypto.Merlin; import org.apache.wss4j.common.ext.WSSecurityException; import org.apache.wss4j.common.principal.CustomTokenPrincipal; +import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.junit.Assert; /** @@ -131,42 +133,48 @@ public class JWTTokenProviderTest extends org.junit.Assert { @org.junit.Test public void testCreateSignedPSJWT() throws Exception { - TokenProvider jwtTokenProvider = new JWTTokenProvider(); - ((JWTTokenProvider)jwtTokenProvider).setSignToken(true); - - TokenProviderParameters providerParameters = createProviderParameters(); - SignatureProperties sigProps = new SignatureProperties(); - sigProps.setSignatureAlgorithm(SignatureAlgorithm.PS256.name()); - providerParameters.getStsProperties().setSignatureProperties(sigProps); - - assertTrue(jwtTokenProvider.canHandleToken(JWTTokenProvider.JWT_TOKEN_TYPE)); - TokenProviderResponse providerResponse = jwtTokenProvider.createToken(providerParameters); - assertTrue(providerResponse != null); - assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null); - - String token = (String)providerResponse.getToken(); - assertNotNull(token); - assertTrue(token.split("\\.").length == 3); - - // Validate the token - JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(token); - JwtToken jwt = jwtConsumer.getJwtToken(); - Assert.assertEquals("alice", jwt.getClaim(JwtConstants.CLAIM_SUBJECT)); - Assert.assertEquals(providerResponse.getTokenId(), jwt.getClaim(JwtConstants.CLAIM_JWT_ID)); - Assert.assertEquals(providerResponse.getCreated().getTime() / 1000L, - jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT)); - Assert.assertEquals(providerResponse.getExpires().getTime() / 1000L, - jwt.getClaim(JwtConstants.CLAIM_EXPIRY)); + try { + Security.addProvider(new BouncyCastleProvider()); - // Verify Signature - Crypto crypto = providerParameters.getStsProperties().getSignatureCrypto(); - CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS); - cryptoType.setAlias(providerParameters.getStsProperties().getSignatureUsername()); - X509Certificate[] certs = crypto.getX509Certificates(cryptoType); - assertNotNull(certs); - - assertFalse(jwtConsumer.verifySignatureWith(certs[0], SignatureAlgorithm.RS256)); - assertTrue(jwtConsumer.verifySignatureWith(certs[0], SignatureAlgorithm.PS256)); + TokenProvider jwtTokenProvider = new JWTTokenProvider(); + ((JWTTokenProvider)jwtTokenProvider).setSignToken(true); + + TokenProviderParameters providerParameters = createProviderParameters(); + SignatureProperties sigProps = new SignatureProperties(); + sigProps.setSignatureAlgorithm(SignatureAlgorithm.PS256.name()); + providerParameters.getStsProperties().setSignatureProperties(sigProps); + + assertTrue(jwtTokenProvider.canHandleToken(JWTTokenProvider.JWT_TOKEN_TYPE)); + TokenProviderResponse providerResponse = jwtTokenProvider.createToken(providerParameters); + assertTrue(providerResponse != null); + assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null); + + String token = (String)providerResponse.getToken(); + assertNotNull(token); + assertTrue(token.split("\\.").length == 3); + + // Validate the token + JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(token); + JwtToken jwt = jwtConsumer.getJwtToken(); + Assert.assertEquals("alice", jwt.getClaim(JwtConstants.CLAIM_SUBJECT)); + Assert.assertEquals(providerResponse.getTokenId(), jwt.getClaim(JwtConstants.CLAIM_JWT_ID)); + Assert.assertEquals(providerResponse.getCreated().getTime() / 1000L, + jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT)); + Assert.assertEquals(providerResponse.getExpires().getTime() / 1000L, + jwt.getClaim(JwtConstants.CLAIM_EXPIRY)); + + // Verify Signature + Crypto crypto = providerParameters.getStsProperties().getSignatureCrypto(); + CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS); + cryptoType.setAlias(providerParameters.getStsProperties().getSignatureUsername()); + X509Certificate[] certs = crypto.getX509Certificates(cryptoType); + assertNotNull(certs); + + assertFalse(jwtConsumer.verifySignatureWith(certs[0], SignatureAlgorithm.RS256)); + assertTrue(jwtConsumer.verifySignatureWith(certs[0], SignatureAlgorithm.PS256)); + } finally { + Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME); + } } @org.junit.Test @@ -249,53 +257,58 @@ public class JWTTokenProviderTest extends org.junit.Assert { @org.junit.Test public void testCreateUnsignedEncryptedCBCJWT() throws Exception { - TokenProvider jwtTokenProvider = new JWTTokenProvider(); - ((JWTTokenProvider)jwtTokenProvider).setSignToken(false); - - TokenProviderParameters providerParameters = createProviderParameters(); - providerParameters.setEncryptToken(true); - providerParameters.getEncryptionProperties().setEncryptionAlgorithm( - ContentAlgorithm.A128CBC_HS256.name() - ); - - assertTrue(jwtTokenProvider.canHandleToken(JWTTokenProvider.JWT_TOKEN_TYPE)); - TokenProviderResponse providerResponse = jwtTokenProvider.createToken(providerParameters); - assertTrue(providerResponse != null); - assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null); - - String token = (String)providerResponse.getToken(); - assertNotNull(token); - assertTrue(token.split("\\.").length == 5); - - if (unrestrictedPoliciesInstalled) { - // Validate the token - JweJwtCompactConsumer jwtConsumer = new JweJwtCompactConsumer(token); - Properties decProperties = new Properties(); - Crypto decryptionCrypto = CryptoFactory.getInstance(getDecryptionProperties()); - KeyStore keystore = ((Merlin)decryptionCrypto).getKeyStore(); - decProperties.put(JoseConstants.RSSEC_KEY_STORE, keystore); - decProperties.put(JoseConstants.RSSEC_KEY_STORE_ALIAS, "myservicekey"); - decProperties.put(JoseConstants.RSSEC_KEY_PSWD, "skpass"); - decProperties.put(JoseConstants.RSSEC_ENCRYPTION_CONTENT_ALGORITHM, - ContentAlgorithm.A128CBC_HS256.name()); + try { + Security.addProvider(new BouncyCastleProvider()); - JweDecryptionProvider decProvider = - JweUtils.loadDecryptionProvider(decProperties, jwtConsumer.getHeaders(), false); + TokenProvider jwtTokenProvider = new JWTTokenProvider(); + ((JWTTokenProvider)jwtTokenProvider).setSignToken(false); - JweDecryptionOutput decOutput = decProvider.decrypt(token); - String decToken = decOutput.getContentText(); + TokenProviderParameters providerParameters = createProviderParameters(); + providerParameters.setEncryptToken(true); + providerParameters.getEncryptionProperties().setEncryptionAlgorithm( + ContentAlgorithm.A128CBC_HS256.name() + ); - JwsJwtCompactConsumer jwtJwsConsumer = new JwsJwtCompactConsumer(decToken); - JwtToken jwt = jwtJwsConsumer.getJwtToken(); + assertTrue(jwtTokenProvider.canHandleToken(JWTTokenProvider.JWT_TOKEN_TYPE)); + TokenProviderResponse providerResponse = jwtTokenProvider.createToken(providerParameters); + assertTrue(providerResponse != null); + assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null); + + String token = (String)providerResponse.getToken(); + assertNotNull(token); + assertTrue(token.split("\\.").length == 5); - Assert.assertEquals("alice", jwt.getClaim(JwtConstants.CLAIM_SUBJECT)); - Assert.assertEquals(providerResponse.getTokenId(), jwt.getClaim(JwtConstants.CLAIM_JWT_ID)); - Assert.assertEquals(providerResponse.getCreated().getTime() / 1000L, - jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT)); - Assert.assertEquals(providerResponse.getExpires().getTime() / 1000L, - jwt.getClaim(JwtConstants.CLAIM_EXPIRY)); + if (unrestrictedPoliciesInstalled) { + // Validate the token + JweJwtCompactConsumer jwtConsumer = new JweJwtCompactConsumer(token); + Properties decProperties = new Properties(); + Crypto decryptionCrypto = CryptoFactory.getInstance(getDecryptionProperties()); + KeyStore keystore = ((Merlin)decryptionCrypto).getKeyStore(); + decProperties.put(JoseConstants.RSSEC_KEY_STORE, keystore); + decProperties.put(JoseConstants.RSSEC_KEY_STORE_ALIAS, "myservicekey"); + decProperties.put(JoseConstants.RSSEC_KEY_PSWD, "skpass"); + decProperties.put(JoseConstants.RSSEC_ENCRYPTION_CONTENT_ALGORITHM, + ContentAlgorithm.A128CBC_HS256.name()); + + JweDecryptionProvider decProvider = + JweUtils.loadDecryptionProvider(decProperties, jwtConsumer.getHeaders(), false); + + JweDecryptionOutput decOutput = decProvider.decrypt(token); + String decToken = decOutput.getContentText(); + + JwsJwtCompactConsumer jwtJwsConsumer = new JwsJwtCompactConsumer(decToken); + JwtToken jwt = jwtJwsConsumer.getJwtToken(); + + Assert.assertEquals("alice", jwt.getClaim(JwtConstants.CLAIM_SUBJECT)); + Assert.assertEquals(providerResponse.getTokenId(), jwt.getClaim(JwtConstants.CLAIM_JWT_ID)); + Assert.assertEquals(providerResponse.getCreated().getTime() / 1000L, + jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT)); + Assert.assertEquals(providerResponse.getExpires().getTime() / 1000L, + jwt.getClaim(JwtConstants.CLAIM_EXPIRY)); + } + } finally { + Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME); } - } @org.junit.Test
