Repository: cxf Updated Branches: refs/heads/3.0.x-fixes 525cd3ca7 -> 38bafeb6c
[CXF-6085] Adding a simple Jwe Json system test Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/38bafeb6 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/38bafeb6 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/38bafeb6 Branch: refs/heads/3.0.x-fixes Commit: 38bafeb6cef21004ab763914e5080da2462240f9 Parents: 525cd3c Author: Sergey Beryozkin <[email protected]> Authored: Tue Mar 1 16:39:56 2016 +0000 Committer: Sergey Beryozkin <[email protected]> Committed: Tue Mar 1 16:41:46 2016 +0000 ---------------------------------------------------------------------- .../jose/jaxrs/JweJsonWriterInterceptor.java | 26 ++++- .../rs/security/jose/jwe/JweJsonProducer.java | 5 + .../security/jose/jwejws/BookServerJweJson.java | 59 ++++++++++++ .../security/jose/jwejws/JAXRSJweJsonTest.java | 99 ++++++++++++++++++++ .../security/jose/jwejws/serverJweJson.xml | 58 ++++++++++++ 5 files changed, 245 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/38bafeb6/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweJsonWriterInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweJsonWriterInterceptor.java b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweJsonWriterInterceptor.java index 4568806..89ce053 100644 --- a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweJsonWriterInterceptor.java +++ b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweJsonWriterInterceptor.java 
@@ -21,6 +21,7 @@ package org.apache.cxf.rs.security.jose.jaxrs; import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.OutputStream; +import java.util.ArrayList; import java.util.List; import javax.annotation.Priority; @@ -35,6 +36,7 @@ import org.apache.cxf.io.CachedOutputStream; import org.apache.cxf.jaxrs.utils.JAXRSUtils; import org.apache.cxf.rs.security.jose.common.JoseConstants; import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm; +import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm; import org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider; import org.apache.cxf.rs.security.jose.jwe.JweHeaders; import org.apache.cxf.rs.security.jose.jwe.JweJsonProducer; @@ -65,7 +67,25 @@ public class JweJsonWriterInterceptor extends AbstractJweJsonWriterProvider impl if (ctString != null) { protectedHeaders.setContentType(ctString); } - + List<KeyAlgorithm> keyAlgos = new ArrayList<>(); + for (JweEncryptionProvider p : providers) { + if (!keyAlgos.contains(p.getKeyAlgorithm())) { + keyAlgos.add(p.getKeyAlgorithm()); + } + } + List<JweHeaders> perRecipientUnprotectedHeaders = null; + if (keyAlgos.size() == 1) { + // Can be optionally set in shared unprotected headers + // or per-recipient headers + protectedHeaders.setKeyEncryptionAlgorithm(keyAlgos.get(0)); + } else { + perRecipientUnprotectedHeaders = new ArrayList<JweHeaders>(); + for (KeyAlgorithm keyAlgo : keyAlgos) { + JweHeaders headers = new JweHeaders(); + headers.setKeyEncryptionAlgorithm(keyAlgo); + perRecipientUnprotectedHeaders.add(headers); + } + } if (useJweOutputStream) { //TODO } else { 
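Review bot: The else-branch in the `@@ -65,7 +67,25 @@` hunk builds `perRecipientUnprotectedHeaders` from the de-duplicated `keyAlgos` list, so it holds one header per distinct key algorithm rather than one per entry in `providers`. That list is passed alongside `providers` to `producer.encryptWith(providers, perRecipientUnprotectedHeaders)` in the following hunk; `encryptWith` is not shown, but if it matches headers to providers by position or requires equal sizes, three providers using algorithms A, B, A would either fail or advertise the wrong `alg` for a recipient. Building the list by iterating `providers` in order keeps entry i tied to recipient i. The enclosing method starts and ends outside the hunk.

```java
// … unchanged: keyAlgos collection and the single-algorithm branch …
} else {
    // One header per provider, in provider order, so entry i describes recipient i.
    perRecipientUnprotectedHeaders = new ArrayList<JweHeaders>();
    for (JweEncryptionProvider p : providers) {
        JweHeaders headers = new JweHeaders();
        headers.setKeyEncryptionAlgorithm(p.getKeyAlgorithm());
        perRecipientUnprotectedHeaders.add(headers);
    }
}
// … unchanged: useJweOutputStream branch …
```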
@@ -73,8 +93,10 @@ public class JweJsonWriterInterceptor extends AbstractJweJsonWriterProvider impl ctx.setOutputStream(cos); ctx.proceed(); + + JweJsonProducer producer = new JweJsonProducer(protectedHeaders, cos.getBytes()); - String jweContent = producer.encryptWith(providers); + String jweContent = producer.encryptWith(providers, perRecipientUnprotectedHeaders); setJoseMediaType(ctx); IOUtils.copy(new ByteArrayInputStream(StringUtils.toBytesUTF8(jweContent)), http://git-wip-us.apache.org/repos/asf/cxf/blob/38bafeb6/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducer.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducer.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducer.java index 661a537..3c8385d 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducer.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducer.java @@ -60,6 +60,11 @@ public class JweJsonProducer { this(protectedHeader, content, aad, canBeFlat); this.unprotectedHeader = unprotectedHeader; } + public JweJsonProducer(JweHeaders protectedHeader, + JweHeaders unprotectedHeader, + byte[] content) { + this(protectedHeader, unprotectedHeader, content, null, false); + } public String encryptWith(JweEncryptionProvider encryptor) { return encryptWith(Collections.singletonList(encryptor), null); } http://git-wip-us.apache.org/repos/asf/cxf/blob/38bafeb6/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/BookServerJweJson.java ---------------------------------------------------------------------- 
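Review bot: The three-argument constructor added to `JweJsonProducer` in the `@@ -60,6 +60,11 @@` hunk has no Javadoc, and its defaults are only visible by reading the delegation. A comment such as `/** Equivalent to the five-argument constructor with aad = null and canBeFlat = false. */` would document that, and it should say how `unprotectedHeader` is treated; in JWE JSON serialization unprotected headers are normally not integrity-protected, but the code that writes them is outside this hunk, so confirm before stating it. None of the hunks in this commit calls the new overload, since the interceptor still uses `new JweJsonProducer(protectedHeaders, cos.getBytes())`.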
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/BookServerJweJson.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/BookServerJweJson.java
new file mode 100644
index 0000000..9891cdf
--- /dev/null
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/BookServerJweJson.java
@@ -0,0 +1,59 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.jaxrs.security.jose.jwejws;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+import org.apache.cxf.testutil.common.TestUtil;
+
+public class BookServerJweJson extends AbstractBusTestServerBase {
+ public static final String PORT = TestUtil.getPortNumber("jaxrs-jwe-json");
+ private static final URL SERVER_CONFIG_FILE =
+ BookServerJweJson.class.getResource("serverJweJson.xml");
+
+ protected void run() {
+ SpringBusFactory bf = new SpringBusFactory();
+ Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
+ BusFactory.setDefaultBus(springBus);
+ setBus(springBus);
+
+ try {
+ new BookServerJweJson();
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public static void main(String[] args) {
+ try {
+ BookServerJweJson s = new BookServerJweJson();
+ s.start();
+ } catch (Exception ex) {
+ ex.printStackTrace();
+ System.exit(-1);
+ } finally {
+ System.out.println("done!");
+ }
+ }
+}
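Review bot: `run()` ends with `try { new BookServerJweJson(); } catch (Exception e) { throw new RuntimeException(e); }`, which constructs a second server instance and discards it. Nothing visible in this file uses that instance, so the block appears to be dead code carried over from another test server; dropping it, or adding a comment that says why the extra construction is needed, would make the start-up path easier to follow. `run()` also looks like an override of a method in `AbstractBusTestServerBase`, which is not shown here, and would then merit `@Override`.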
http://git-wip-us.apache.org/repos/asf/cxf/blob/38bafeb6/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJweJsonTest.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJweJsonTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJweJsonTest.java
new file mode 100644
index 0000000..83832ac
--- /dev/null
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJweJsonTest.java
@@ -0,0 +1,99 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.jaxrs.security.jose.jwejws;
+
+import java.net.URL;
+import java.security.Security;
+import java.util.Collections;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Map;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.jaxrs.client.JAXRSClientFactoryBean;
+import org.apache.cxf.rs.security.jose.common.JoseConstants;
+import org.apache.cxf.rs.security.jose.jaxrs.JweJsonClientResponseFilter;
+import org.apache.cxf.rs.security.jose.jaxrs.JweJsonWriterInterceptor;
+import org.apache.cxf.systest.jaxrs.security.jose.BookStore;
+import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+
+import org.junit.AfterClass;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+public class JAXRSJweJsonTest extends AbstractBusClientServerTestBase {
+ public static final String PORT = BookServerJweJson.PORT;
+
+ @BeforeClass
+ public static void startServers() throws Exception {
+ assertTrue("server did not launch correctly",
+ launchServer(BookServerJweJson.class, true));
+ registerBouncyCastle();
+ }
+
+ private static void registerBouncyCastle() throws Exception {
+ Security.addProvider(new BouncyCastleProvider());
+ }
+ @AfterClass
+ public static void unregisterBouncyCastleIfNeeded() throws Exception {
+ Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
+ }
+
+ @Test
+ public void testJweJsonPlainTextHmac() throws Exception {
+ String address = "https://localhost:" + PORT + "/jwejsonhmac";
+ BookStore bs = createBookStore(address,
+ "org/apache/cxf/systest/jaxrs/security/secret.jwk.properties",
+ null);
+ String text = bs.echoText("book");
+ assertEquals("book", text);
+ }
+
+ private BookStore createBookStore(String address, Object properties,
+ List<?> extraProviders) throws Exception {
+ return createBookStore(address,
+ Collections.singletonMap(JoseConstants.RSSEC_ENCRYPTION_PROPS, properties),
+ extraProviders);
+ }
+ private BookStore createBookStore(String address,
+ Map<String, Object> mapProperties,
+ List<?> extraProviders) throws Exception {
+ JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = JAXRSJweJsonTest.class.getResource("client.xml");
+ Bus springBus = bf.createBus(busFile.toString());
+ bean.setBus(springBus);
+ bean.setServiceClass(BookStore.class);
+ bean.setAddress(address);
+ List<Object> providers = new LinkedList<Object>();
+ JweJsonWriterInterceptor writer = new JweJsonWriterInterceptor();
+ providers.add(writer);
+ providers.add(new JweJsonClientResponseFilter());
+ if (extraProviders != null) {
+ providers.addAll(extraProviders);
+ }
+ bean.setProviders(providers);
+ bean.getProperties(true).putAll(mapProperties);
+ return bean.create(BookStore.class);
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/cxf/blob/38bafeb6/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/serverJweJson.xml
----------------------------------------------------------------------
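Review bot: `unregisterBouncyCastleIfNeeded` calls `Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME)` unconditionally, so despite its name it also removes a BouncyCastle provider that was already registered in the JVM before this class ran. JCA providers are process-wide state, so other tests sharing the JVM could lose a provider they rely on. Recording in `registerBouncyCastle` whether this class actually installed the provider, and removing it only in that case, avoids this. Separately, `testJweJsonPlainTextHmac` configures a single encryption properties file, so the per-recipient header branch added to `JweJsonWriterInterceptor` in this commit is presumably never exercised; a test with two recipients using different key algorithms would cover it.

```java
private static boolean bouncyCastleAdded;

private static void registerBouncyCastle() throws Exception {
    // Remember whether this class installed the provider, so teardown does not
    // remove one that was already registered in the JVM.
    if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
        Security.addProvider(new BouncyCastleProvider());
        bouncyCastleAdded = true;
    }
}
@AfterClass
public static void unregisterBouncyCastleIfNeeded() throws Exception {
    if (bouncyCastleAdded) {
        Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
        bouncyCastleAdded = false;
    }
}
// … unchanged: test method and createBookStore helpers …
```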
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/serverJweJson.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/serverJweJson.xml
new file mode 100644
index 0000000..eaebd0c
--- /dev/null
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/serverJweJson.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration" xmlns:sec="http://cxf.apache.org/configuration/security" xmlns:cxf="http://cxf.apache.org/core" xmlns:jaxrs="http://cxf.apache.org/jaxrs" xsi:schemaLocation=" http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd ">
+ <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+ <cxf:bus>
+ <cxf:features>
+ <cxf:logging/>
+ </cxf:features>
+ </cxf:bus>
+ <httpj:engine-factory id="port-9095-tls-config">
+ <httpj:engine port="${testutil.ports.jaxrs-jwe-json}">
+ <httpj:tlsServerParameters>
+ <sec:keyManagers keyPassword="password">
+ <sec:keyStore type="JKS" password="password" file="src/test/java/org/apache/cxf/systest/http/resources/Bethal.jks"/>
+ </sec:keyManagers>
+ <sec:trustManagers>
+ <sec:keyStore type="JKS" password="password" file="src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks"/>
+ </sec:trustManagers>
+ <sec:clientAuthentication want="true" required="true"/>
+ </httpj:tlsServerParameters>
+ </httpj:engine>
+ </httpj:engine-factory>
+
+ <bean id="serviceBean" class="org.apache.cxf.systest.jaxrs.security.jose.BookStore"/>
+ <bean id="jweInFilter" class="org.apache.cxf.rs.security.jose.jaxrs.JweJsonContainerRequestFilter"/>
+ <bean id="jweOutFilter" class="org.apache.cxf.rs.security.jose.jaxrs.JweJsonWriterInterceptor"/>
+
+ <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-jwe-json}/jwejsonhmac">
+ <jaxrs:serviceBeans>
+ <ref bean="serviceBean"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="jweInFilter"/>
+ <ref bean="jweOutFilter"/>
+ </jaxrs:providers>
+ <jaxrs:properties>
+ <entry key="rs.security.encryption.properties" value="org/apache/cxf/systest/jaxrs/security/secret.jwk.properties"/>
+ </jaxrs:properties>
+ </jaxrs:server>
+
+</beans>
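Review bot: The engine factory is declared with `id="port-9095-tls-config"` although its port comes from `${testutil.ports.jaxrs-jwe-json}`, so the id names a port this server does not use and looks copied from another server configuration. Renaming it, for example to `id="jwe-json-tls-config"`, would avoid confusion; whether anything references the id is not visible in this commit. Note also that `<sec:clientAuthentication want="true" required="true"/>` makes the endpoint require a client certificate, which the test's `client.xml` (not part of this commit) has to supply.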
